CVE-2007-3279

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.1 and later

Description The issue allows remote attackers to create and execute functions, potentially leading to local brute-force password guessing attacks that may evade intrusion detection. This is possible because certain plpgsql privileges are granted to the PUBLIC domain when the PL/pgSQL (plpgsql) language has been created.

Recommendations For PostgreSQL versions 8.1 and later, consider revoking unnecessary plpgsql privileges from the PUBLIC domain to prevent unauthorized function creation and execution. As a temporary workaround, consider restricting access to the PL/pgSQL language until a more permanent solution is available.