dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

PT-2008-1457 · Postgresql +3 · Postgresql +3

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.4 through 7.4.18 PostgreSQL versions 8.0 through 8.0.14 PostgreSQL versions 8.1 through 8.1.10 PostgreSQL versions 8.2 through 8.2.5 TCL versions prior to 8.4.17 Description: The issue is related to the regular expressio...