CVE-2007-3278 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3278
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3278

Description: PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35142 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-568-1 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 SAID Secunia Advisory: SA28445 Secunia Advisory: SA28437 Secunia Advisory: SA28376 Secunia Advisory: SA28438 Secunia Advisory: SA28454 Secunia Advisory: SA28477 Secunia Advisory: SA28479 Secunia Advisory: SA28679 Secunia Advisory: SA29638 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0040.html http://www.redhat.com/support/errata/RHSA-2008-0039.html http://www.redhat.com/support/errata/RHSA-2008-0038.html OSVDB 40899 MISC http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 GENTOO http://security.gentoo.org/glsa/glsa-200801-15.xml DEBIAN http://www.debian.org/security/2008/dsa-1463 http://www.debian.org/security/2008/dsa-1460 BUGTRAQ http://www.securityfocus.com/archive/1/471644/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded

Return to the previous page.