CVE - CVE-2007-3278

CVE-ID
CVE-2007-3278	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070616 Having Fun With PostgreSQL URL:http://www.securityfocus.com/archive/1/471541/100/0/threaded BUGTRAQ:20070618 Re: Having Fun With PostgreSQL URL:http://www.securityfocus.com/archive/1/471644/100/0/threaded DEBIAN:DSA-1460 URL:http://www.debian.org/security/2008/dsa-1460 DEBIAN:DSA-1463 URL:http://www.debian.org/security/2008/dsa-1463 GENTOO:GLSA-200801-15 URL:http://security.gentoo.org/glsa/glsa-200801-15.xml HP:HPSBTU02325 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HP:SSRT080006 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 MANDRIVA:MDKSA-2007:188 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:188~~ (Obsolete source) MISC:http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt MISC:http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf OSVDB:40899 URL:~~http://osvdb.org/40899~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10334 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334 REDHAT:RHSA-2008:0038 URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html REDHAT:RHSA-2008:0039 URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html REDHAT:RHSA-2008:0040 URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html SECUNIA:28376 URL:http://secunia.com/advisories/28376 SECUNIA:28437 URL:http://secunia.com/advisories/28437 SECUNIA:28438 URL:http://secunia.com/advisories/28438 SECUNIA:28445 URL:http://secunia.com/advisories/28445 SECUNIA:28454 URL:http://secunia.com/advisories/28454 SECUNIA:28477 URL:http://secunia.com/advisories/28477 SECUNIA:28479 URL:http://secunia.com/advisories/28479 SECUNIA:28679 URL:http://secunia.com/advisories/28679 SECUNIA:29638 URL:http://secunia.com/advisories/29638 SUNALERT:103197 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1~~ (Obsolete source) SUNALERT:200559 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1~~ (Obsolete source) UBUNTU:USN-568-1 URL:https://usn.ubuntu.com/568-1/ VUPEN:ADV-2008-0109 URL:~~http://www.vupen.com/english/advisories/2008/0109~~ (Obsolete source) VUPEN:ADV-2008-1071 URL:~~http://www.vupen.com/english/advisories/2008/1071/references~~ (Obsolete source) XF:postgresql-dblink-sql-injection(35142) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
Assigning CNA
MITRE Corporation
Date Record Created
20070619	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070619)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)