CVE-2007-3279
N/A
N/A
Summary
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://osvdb.org/40900
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35144
References
- http://osvdb.org/40900
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35144
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.