6.9

CVE-2007-3278

EPSS 0.58%
Published 19.06.2007 21:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Affected products Warnungen 0 Metrics 2 CWE 0 References 32

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version >= 7.3 < 7.3.21

Postgresql ≫ Postgresql Version >= 7.4 < 7.4.19

Postgresql ≫ Postgresql Version >= 8.0 < 8.0.15

Postgresql ≫ Postgresql Version >= 8.1 < 8.1.11

Postgresql ≫ Postgresql Version >= 8.2 < 8.2.6

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.664

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Third Party Advisory

http://osvdb.org/40899

Broken Link

http://secunia.com/advisories/28376

Broken Link

http://secunia.com/advisories/28437

Broken Link

http://secunia.com/advisories/28438

Broken Link

http://secunia.com/advisories/28445

Broken Link

http://secunia.com/advisories/28454

Broken Link

http://secunia.com/advisories/28477

Broken Link

http://secunia.com/advisories/28479

Broken Link

http://secunia.com/advisories/28679

Broken Link

http://secunia.com/advisories/29638

Broken Link

http://security.gentoo.org/glsa/glsa-200801-15.xml

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Broken Link

http://www.debian.org/security/2008/dsa-1460

Third Party Advisory

http://www.debian.org/security/2008/dsa-1463

Third Party Advisory

http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:188

Third Party Advisory

http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0038.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0039.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0040.html

Third Party Advisory

http://www.securityfocus.com/archive/1/471541/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/471644/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/0109

Permissions Required

http://www.vupen.com/english/advisories/2008/1071/references

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/35142

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334

Third Party Advisory

https://usn.ubuntu.com/568-1/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-3278

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3278

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3278

EUVD