CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/471644/100/0/threaded	Third Party Advisory VDB Entry
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt	Third Party Advisory
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188	Third Party Advisory
http://www.debian.org/security/2008/dsa-1460	Third Party Advisory
http://www.debian.org/security/2008/dsa-1463	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0038.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0039.html	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1	Broken Link
http://secunia.com/advisories/28376	Broken Link
http://secunia.com/advisories/28438	Broken Link
http://secunia.com/advisories/28445	Broken Link
http://secunia.com/advisories/28437	Broken Link
http://secunia.com/advisories/28454	Broken Link
http://secunia.com/advisories/28477	Broken Link
http://secunia.com/advisories/28479	Broken Link
http://security.gentoo.org/glsa/glsa-200801-15.xml	Third Party Advisory
http://secunia.com/advisories/28679	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0040.html	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1	Broken Link
http://secunia.com/advisories/29638	Broken Link
http://osvdb.org/40899	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1071/references	Permissions Required
http://www.vupen.com/english/advisories/2008/0109	Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/35142	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334	Third Party Advisory
https://usn.ubuntu.com/568-1/	Third Party Advisory
http://www.securityfocus.com/archive/1/471541/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Information

Published : 2007-06-19 14:30

Updated : 2023-02-24 07:35

NVD link : CVE-2007-3278

Mitre link : CVE-2007-3278

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

debian

debian_linux

postgresql

postgresql

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded", "name": "20070618 Re: Having Fun With PostgreSQL", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188", "name": "MDKSA-2007:188", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.debian.org/security/2008/dsa-1460", "name": "DSA-1460", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2008/dsa-1463", "name": "DSA-1463", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html", "name": "RHSA-2008:0038", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html", "name": "RHSA-2008:0039", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1", "name": "103197", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/28376", "name": "28376", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28438", "name": "28438", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28445", "name": "28445", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28437", "name": "28437", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28454", "name": "28454", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28477", "name": "28477", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28479", "name": "28479", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200801-15.xml", "name": "GLSA-200801-15", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/28679", "name": "28679", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html", "name": "RHSA-2008:0040", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1", "name": "200559", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/29638", "name": "29638", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/40899", "name": "40899", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154", "name": "SSRT080006", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2008/1071/references", "name": "ADV-2008-1071", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/0109", "name": "ADV-2008-0109", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142", "name": "postgresql-dblink-sql-injection(35142)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334", "name": "oval:org.mitre.oval:def:10334", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/568-1/", "name": "USN-568-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded", "name": "20070616 Having Fun With PostgreSQL", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3278", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-19T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.4.19", "versionStartIncluding": "7.4"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.15", "versionStartIncluding": "8.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.6", "versionStartIncluding": "8.2"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.3.21", "versionStartIncluding": "7.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-24T15:35Z"}

6.9 /10