PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote malicious users to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
postgresql postgresql |
||
debian debian linux 3.1 |
||
debian debian linux 4.0 |