10
CVE-2007-3279
- EPSS 2.61%
- Veröffentlicht 19.06.2007 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.61% | 0.834 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.securityfocus.com/archive/1/471541/100/0/threaded
http://osvdb.org/40900
https://exchange.xforce.ibmcloud.com/vulnerabilities/35144