CVE-2007-3278
N/A
N/A
Summary
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.debian.org/security/2008/dsa-1460
- http://secunia.com/advisories/28445
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://www.securityfocus.com/archive/1/471644/100/0/threaded
- http://secunia.com/advisories/28454
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://secunia.com/advisories/28679
- http://www.vupen.com/english/advisories/2008/0109
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
- http://secunia.com/advisories/28376
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/29638
- http://secunia.com/advisories/28479
- http://www.debian.org/security/2008/dsa-1463
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
- https://usn.ubuntu.com/568-1/
- http://secunia.com/advisories/28438
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2008-0039.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://osvdb.org/40899
- http://www.vupen.com/english/advisories/2008/1071/references
References
- http://www.debian.org/security/2008/dsa-1460
- http://secunia.com/advisories/28445
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://www.securityfocus.com/archive/1/471644/100/0/threaded
- http://secunia.com/advisories/28454
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://secunia.com/advisories/28679
- http://www.vupen.com/english/advisories/2008/0109
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
- http://secunia.com/advisories/28376
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/29638
- http://secunia.com/advisories/28479
- http://www.debian.org/security/2008/dsa-1463
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
- https://usn.ubuntu.com/568-1/
- http://secunia.com/advisories/28438
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2008-0039.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://osvdb.org/40899
- http://www.vupen.com/english/advisories/2008/1071/references
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.