CVE-2007-6601

Published: 09/01/2008 Updated: 18/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The DBLink module in PostgreSQL 8.2 prior to 8.2.6, 8.1 prior to 8.1.11, 8.0 prior to 8.0.15, 7.4 prior to 7.4.19, and 7.3 prior to 7.3.21, when local trust or ident authentication is used, allows remote malicious users to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Vulnerable Product

postgresql postgresql 8.2

postgresql postgresql

debian debian linux 3.1

debian debian linux 4.0

fedoraproject fedora 8

fedoraproject fedora 7

Vendor Advisories

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries (CVE-2007-3278, CVE-2007-6601) ...
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3278: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, ...

References

CWE-287
http://www.postgresql.org/about/news.905
http://www.securityfocus.com/bid/27163
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
https://issues.rpath.com/browse/RPL-1768
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://secunia.com/advisories/28376
http://secunia.com/advisories/28438
http://secunia.com/advisories/28445
http://secunia.com/advisories/28437
http://secunia.com/advisories/28454
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28455
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://secunia.com/advisories/28679
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28698
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://secunia.com/advisories/29638
http://www.vupen.com/english/advisories/2008/1071/references
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/0061
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
https://exchange.xforce.ibmcloud.com/vulnerabilities/39500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127
https://usn.ubuntu.com/568-1/
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/485864/100/0/threaded
https://nvd.nist.gov