PT-2008-1573 · Postgresql+1

Published: 2008-01-09 · Updated: 2023-01-19 · CVE-2007-6601

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 7.3 through 7.3.20
PostgreSQL versions 7.4 through 7.4.18
PostgreSQL versions 8.0 through 8.0.14
PostgreSQL versions 8.1 through 8.1.10
PostgreSQL versions 8.2 through 8.2.5

Description

The issue allows remote attackers to gain privileges via unspecified vectors when local trust or ident authentication is used in the DBLink module. A valid login is required to exploit this issue. DBLink functions combined with local trust or ident access control could be used by a malicious user to gain superuser privileges.

Recommendations

For PostgreSQL versions 7.3 through 7.3.20, update to version 7.3.21 or later.
For PostgreSQL versions 7.4 through 7.4.18, update to version 7.4.19 or later.
For PostgreSQL versions 8.0 through 8.0.14, update to version 8.0.15 or later.
For PostgreSQL versions 8.1 through 8.1.10, update to version 8.1.11 or later.
For PostgreSQL versions 8.2 through 8.2.5, update to version 8.2.6 or later.
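
An added example, not part of the original advisory or of PostgreSQL's own code: a Python audit helper that checks a server version against the fixed releases listed above and flags `trust` or `ident` rules for local connections in `pg_hba.conf`, the access-control file where those methods are configured. The sample file content is constructed, the function names are hypothetical, and treating loopback `host` entries as local is an assumption of this example.

```python
import ipaddress

# Fixed patch level per branch, taken from the Recommendations above.
FIXED = {(7, 3): 21, (7, 4): 19, (8, 0): 15, (8, 1): 11, (8, 2): 6}
RISKY_METHODS = {"trust", "ident"}
# Constructed sample pg_hba.conf content (not from the advisory).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              ident sameuser
host    all       all   127.0.0.1/32               trust
host    all       all   127.0.0.1 255.255.255.255  md5
host    all       all   192.168.1.0/24             trust
"""


def is_affected(version):
    """True if an 'X.Y' or 'X.Y.Z' version is in a vulnerable range listed above."""
    parts = [int(p) for p in version.split(".")]
    branch, patch = tuple(parts[:2]), (parts[2] if len(parts) > 2 else 0)
    return branch in FIXED and patch < FIXED[branch]


def _is_loopback(addr):
    try:
        return ipaddress.ip_network(addr, strict=False).network_address.is_loopback
    except ValueError:
        return False  # hostname or keyword: not treated as local (assumption)


def risky_local_rules(hba_text):
    """Return (line_no, conn_type, method) for trust/ident rules on local connections."""
    findings = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments; quoted names not handled
        if len(fields) < 4:
            continue
        conn = fields[0]
        if conn == "local":
            method, local = fields[3], True
        elif conn.startswith("host") and len(fields) >= 5:
            # Address is CIDR, or an IP followed by a separate netmask column.
            has_mask = len(fields) >= 6 and ("." in fields[4] or ":" in fields[4])
            method = fields[5] if has_mask else fields[4]
            local = _is_loopback(fields[3])
        else:
            continue
        if local and method in RISKY_METHODS:
            findings.append((no, conn, method))
    return findings
```

A server that is both in an affected version range and has findings from `risky_local_rules` matches the condition the description names; updating to the fixed release for its branch is the remedy the advisory gives.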

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2007-6601
DSA-1460-1
DSA-1463-1
RHSA-2008:0038
RHSA-2008:0039
RHSA-2008:0040
RHSA-2008_0038

Affected Products

Postgresql
Red Hat