AI Score: 10 High (Confidence: High)
CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.014 Low (Percentile: 86.5%)

Nico Leidecker discovered that PostgreSQL did not properly
restrict dblink functions. An authenticated user could exploit
this flaw to access arbitrary accounts and execute arbitrary
SQL queries. (CVE-2007-3278, CVE-2007-6601)

It was discovered that the TCL regular expression parser used
by PostgreSQL did not properly check its input. An attacker
could send crafted regular expressions to PostgreSQL and cause
a denial of service via resource exhaustion or database crash.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

It was discovered that PostgreSQL executed VACUUM and ANALYZE
operations within index functions with superuser privileges and
also allowed SET ROLE and SET SESSION AUTHORIZATION within index
functions. A remote authenticated user could exploit these flaws
to gain privileges. (CVE-2007-6600)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | postgresql-8.2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libecpg-compat2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libecpg-dev | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libecpg5 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libpgtypes2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libpq-dev | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libpq5 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | postgresql-client-8.2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | postgresql-contrib-8.2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | postgresql-plperl-8.2 | < 8.2.6-0ubuntu0.7.10.1 | UNKNOWN |