CVE-2007-3280

Name of the Vulnerable Software and Affected Versions PostgreSQL version 8.1

Description The issue allows remote authenticated superusers to execute arbitrary functions from any library, potentially leading to shell access. This is demonstrated by using the system function in libc.so.6.

Recommendations For PostgreSQL version 8.1, consider restricting the use of the CREATE statement for the Database Link library (dblink) to prevent mapping and execution of arbitrary functions from libraries. As a temporary workaround, limit the privileges of superusers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.