Описание
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35145
- http://osvdb.org/40901
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
EPSS
CVE ID
Связанные уязвимости
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
The Database Link library (dblink) in PostgreSQL 8.1 implements functi ...
EPSS