PRIOn knowledge basePRION:CVE-2007-6601Authentication flaw
6.9 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
65.1%
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 3.1 | |
| debian_linux | eq | 4.0 | |
| fedora | eq | 8 | |
| fedora | eq | 7 | |
| postgresql | eq | 8.2 | |
| postgresql | ge | 7.3.0 | |
| postgresql | lt | 7.3.21 | |
| postgresql | ge | 7.4.0 | |
| postgresql | lt | 7.4.19 | |
| postgresql | ge | 8.0.0 |
References
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
secunia.com/advisories/28359
secunia.com/advisories/28376
secunia.com/advisories/28437
secunia.com/advisories/28438
secunia.com/advisories/28445
secunia.com/advisories/28454
secunia.com/advisories/28455
secunia.com/advisories/28464
secunia.com/advisories/28477
secunia.com/advisories/28479
secunia.com/advisories/28679
secunia.com/advisories/28698
secunia.com/advisories/29638
security.gentoo.org/glsa/glsa-200801-15.xml
securitytracker.com/id?1019157
sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
www.debian.org/security/2008/dsa-1460
www.debian.org/security/2008/dsa-1463
www.mandriva.com/security/advisories?name=MDVSA-2008:004
www.postgresql.org/about/news.905
www.redhat.com/support/errata/RHSA-2008-0038.html
www.redhat.com/support/errata/RHSA-2008-0039.html
www.redhat.com/support/errata/RHSA-2008-0040.html
www.securityfocus.com/archive/1/485864/100/0/threaded
www.securityfocus.com/archive/1/486407/100/0/threaded
www.securityfocus.com/bid/27163
www.vupen.com/english/advisories/2008/0061
www.vupen.com/english/advisories/2008/0109
www.vupen.com/english/advisories/2008/1071/references
exchange.xforce.ibmcloud.com/vulnerabilities/39500
issues.rpath.com/browse/RPL-1768
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127
usn.ubuntu.com/568-1/
www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
Related
6.9 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
65.1%