CVE-2007-6601

PostgreSQL 7.3.0-7.3.20, 7.4.0-7.4.18, 8.0.0-8.0.14, 8.1.0-8.1.10, 8.2.0-8.2.5 - Privilege Escalation via DBLink Module

Title source: llm

Description

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

References (38)

Core 38

Core References

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1460

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28445

Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27163

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1768

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0038.html

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28454

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485864/100/0/threaded

Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28359

Broken Link x_refsource_confirm

http://www.postgresql.org/about/news.905

Broken Link vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0061

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28679

Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0109

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28376

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28437

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28455

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28477

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29638

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28479

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1463

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0040.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/486407/100/0/threaded

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28464

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28698

Broken Link vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Broken Link vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/568-1/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39500

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28438

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019157

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0039.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200801-15.xml

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1071/references

Scores

EPSS 0.0087

EPSS Percentile 75.4%

Details

CWE

CWE-287

Status published

Products (6)

debian/debian_linux 3.1

debian/debian_linux 4.0

fedoraproject/fedora 7

fedoraproject/fedora 8

postgresql/postgresql 8.2

postgresql/postgresql 7.3.0 - 7.3.21

Published Jan 09, 2008

Tracked Since Feb 18, 2026