Описание
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35142
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
- https://usn.ubuntu.com/568-1
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://osvdb.org/40899
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28445
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28679
- http://secunia.com/advisories/29638
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://www.redhat.com/support/errata/RHSA-2008-0039.html
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- http://www.securityfocus.com/archive/1/471644/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/1071/references
EPSS
CVE ID
Связанные уязвимости
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
PostgreSQL 8.1 and probably later versions, when local trust authentic ...
ELSA-2008-0038: Moderate: postgresql security update (MODERATE)
EPSS