CVE-2007-3278
PostgreSQL 8.1 and later - Remote SQL Query Execution via dblink Host Parameter
Title source: llmDescription
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References (29)
Core 29
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1460
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28445
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0038.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471644/100/0/threaded
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28454
Third Party Advisory x_refsource_misc
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28679
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0109
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28376
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28437
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28477
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29638
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28479
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1463
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0040.html
Third Party Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/568-1/
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28438
Third Party Advisory x_refsource_misc
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471541/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0039.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200801-15.xml
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/40899
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1071/references
Scores
EPSS
0.0064
EPSS Percentile
70.7%
Details
CWE
CWE-264
Status
published
Products (3)
debian/debian_linux
3.1
debian/debian_linux
4.0
postgresql/postgresql
7.3 - 7.3.21
Published
Jun 19, 2007
Tracked Since
Feb 18, 2026