CVE-2007-3278

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded", "name": "20070618 Re: Having Fun With PostgreSQL", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188", "name": "MDKSA-2007:188", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.debian.org/security/2008/dsa-1460", "name": "DSA-1460", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2008/dsa-1463", "name": "DSA-1463", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html", "name": "RHSA-2008:0038", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html", "name": "RHSA-2008:0039", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1", "name": "103197", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/28376", "name": "28376", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28438", "name": "28438", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28445", "name": "28445", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28437", "name": "28437", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28454", "name": "28454", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28477", "name": "28477", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28479", "name": "28479", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200801-15.xml", "name": "GLSA-200801-15", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/28679", "name": "28679", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html", "name": "RHSA-2008:0040", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1", "name": "200559", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/29638", "name": "29638", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/40899", "name": "40899", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154", "name": "SSRT080006", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2008/1071/references", "name": "ADV-2008-1071", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/0109", "name": "ADV-2008-0109", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142", "name": "postgresql-dblink-sql-injection(35142)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334", "name": "oval:org.mitre.oval:def:10334", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/568-1/", "name": "USN-568-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded", "name": "20070616 Having Fun With PostgreSQL", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3278", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-19T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.4.19", "versionStartIncluding": "7.4"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.15", "versionStartIncluding": "8.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.6", "versionStartIncluding": "8.2"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.3.21", "versionStartIncluding": "7.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-24T15:35Z"}