CVE - CVE-2007-3278

CVE-ID
CVE-2007-3278	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070616 Having Fun With PostgreSQL URL:http://www.securityfocus.com/archive/1/471541/100/0/threaded BUGTRAQ:20070618 Re: Having Fun With PostgreSQL URL:http://www.securityfocus.com/archive/1/471644/100/0/threaded MISC:http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt MISC:http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf DEBIAN:DSA-1460 URL:http://www.debian.org/security/2008/dsa-1460 DEBIAN:DSA-1463 URL:http://www.debian.org/security/2008/dsa-1463 GENTOO:GLSA-200801-15 URL:http://security.gentoo.org/glsa/glsa-200801-15.xml HP:HPSBTU02325 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HP:SSRT080006 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 MANDRIVA:MDKSA-2007:188 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 REDHAT:RHSA-2008:0038 URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html REDHAT:RHSA-2008:0039 URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html REDHAT:RHSA-2008:0040 URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html SUNALERT:103197 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 SUNALERT:200559 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 UBUNTU:USN-568-1 URL:https://usn.ubuntu.com/568-1/ OVAL:oval:org.mitre.oval:def:10334 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334 VUPEN:ADV-2008-0109 URL:http://www.vupen.com/english/advisories/2008/0109 VUPEN:ADV-2008-1071 URL:http://www.vupen.com/english/advisories/2008/1071/references OSVDB:40899 URL:http://osvdb.org/40899 SECUNIA:28376 URL:http://secunia.com/advisories/28376 SECUNIA:28438 URL:http://secunia.com/advisories/28438 SECUNIA:28445 URL:http://secunia.com/advisories/28445 SECUNIA:28437 URL:http://secunia.com/advisories/28437 SECUNIA:28454 URL:http://secunia.com/advisories/28454 SECUNIA:28477 URL:http://secunia.com/advisories/28477 SECUNIA:28479 URL:http://secunia.com/advisories/28479 SECUNIA:28679 URL:http://secunia.com/advisories/28679 SECUNIA:29638 URL:http://secunia.com/advisories/29638 XF:postgresql-dblink-sql-injection(35142) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
Assigning CNA
N/A
Date Entry Created
20070619	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070619)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org