Lucene search

K

PRIOn knowledge basePRION:CVE-2007-3280

HistoryJun 19, 2007 - 9:30 p.m.

Design/Logic Flaw

2007-06-1921:30:00

PRIOn knowledge base

www.prio-n.com

6

7.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

CPENameOperatorVersion
postgresqleq8.1

References

osvdb.org/40901

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.securityfocus.com/archive/1/471541/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35145

7.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

Related for PRION:CVE-2007-3280

cve1 redhatcve1 exploitdb1 ubuntucve1 nessus1 openvas2 securityvulns2