9

CVE-2007-3280

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 26.13% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.securityfocus.com/archive/1/471541/100/0/threaded
http://osvdb.org/40901
https://exchange.xforce.ibmcloud.com/vulnerabilities/35145