CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Published: Jun 19, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3278
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	7.4	7.4.19
postgresql / postgresql	8.0	8.0.15
postgresql / postgresql	8.1	8.1.11
postgresql / postgresql	8.2	8.2.6
postgresql / postgresql	7.3	7.3.21
debian / debian_linux	3.1	3.1.x
debian / debian_linux	4.0	4.0.x

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://osvdb.org/40899
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28445
http://secunia.com/advisories/28454
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/29638
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/471541/100/0/threaded
http://www.securityfocus.com/archive/1/471644/100/0/threaded
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
https://usn.ubuntu.com/568-1/

Vulnerability Database

289,697

CVE-2007-3278