PT-2007-4557 · PostgreSQL+1
Published 2007-06-19 · Updated 2023-02-24 · CVE-2007-3278
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.1 and later
Description
The issue allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries. This is possible when local trust authentication is enabled and the Database Link library (dblink) is installed. Attackers can exploit this by using a dblink host parameter that proxies the connection from 127.0.0.1.
Recommendations
For PostgreSQL versions 8.1 and later, consider disabling the Database Link library (dblink) or restricting its use to prevent exploitation. Additionally, review and restrict local trust authentication settings to minimize the risk of unauthorized access.
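One way to carry out the review of trust authentication settings recommended above, as an added example that is not part of the original advisory or of PostgreSQL itself: a Python check that parses `pg_hba.conf` text and reports `trust` rules that a connection over the Unix socket or from a loopback address would match. The function names and the sample configuration are constructed for illustration; host names in the address column are not resolved.

```python
import ipaddress
import shlex

LOOPBACKS = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample pg_hba.conf, not taken from any real system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                     METHOD
local   all       postgres                              peer
local   all       all                                   trust
host    all       all       127.0.0.1/32                trust
host    all       all       ::1/128                     md5
host    app       app_rw    10.0.0.0/8                  trust
host    all       all       127.0.0.1 255.255.255.255   trust
hostssl all       all       0.0.0.0/0                   scram-sha-256
"""

def loopback_match(fields):
    """For a host* rule, return (matches_loopback, index_of_method_field)."""
    addr = fields[3]
    if addr in ("all", "samehost", "samenet"):   # treated conservatively
        return True, 4
    try:
        if "/" in addr:                          # CIDR form
            net, idx = ipaddress.ip_network(addr, strict=False), 4
        else:                                    # IP-address IP-mask form
            net, idx = ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False), 5
    except ValueError:
        return False, 4                          # host name: not resolved here
    return any(ip in net for ip in LOOPBACKS), idx

def find_loopback_trust(hba_text):
    """Return (line, type, database, user) for trust rules reachable locally."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            reachable, method = True, fields[3]   # Unix-socket rule
        elif fields[0] in HOST_TYPES and len(fields) >= 5:
            reachable, idx = loopback_match(fields)
            method = fields[idx] if idx < len(fields) else ""
        else:
            continue
        if reachable and method == "trust":
            findings.append((lineno, fields[0], fields[1], fields[2]))
    return findings
```

Each reported rule is a candidate for replacement with a password-based or peer method, since any session able to open a connection from the database host itself would be accepted under it without credentials.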
Affected Products
PostgreSQL
Red Hat