CVE

CVE-2007-3278
Date: (C)2007-06-19   (M)2024-02-22


PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SUNALERT-103197
SUNALERT-200559
http://www.securityfocus.com/archive/1/471541/100/0/threaded
http://www.securityfocus.com/archive/1/471644/100/0/threaded
SECUNIA-28376
SECUNIA-28437
SECUNIA-28438
SECUNIA-28445
SECUNIA-28454
SECUNIA-28477
SECUNIA-28479
SECUNIA-28679
SECUNIA-29638
OSVDB-40899
ADV-2008-0109
ADV-2008-1071
DSA-1460
DSA-1463
GLSA-200801-15
MDKSA-2007:188
RHSA-2008:0038
RHSA-2008:0039
RHSA-2008:0040
SSRT080006
USN-568-1
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
oval:org.mitre.oval:def:10334
postgresql-dblink-sql-injection(35142)

CWE    1
CWE-264
OVAL    2
oval:org.mitre.oval:def:8199
oval:org.mitre.oval:def:7844

© SecPod Technologies