Vulnerability Description
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PostgreSQL | PostgreSQL | >= 7.3, < 7.3.21 |
| Debian | Debian Linux | 3.1 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 (Third Party Advisory)
- http://osvdb.org/40899 (Broken Link)
- http://secunia.com/advisories/28376 (Broken Link)
- http://secunia.com/advisories/28437 (Broken Link)
- http://secunia.com/advisories/28438 (Broken Link)
- http://secunia.com/advisories/28445 (Broken Link)
- http://secunia.com/advisories/28454 (Broken Link)
- http://secunia.com/advisories/28477 (Broken Link)
- http://secunia.com/advisories/28479 (Broken Link)
- http://secunia.com/advisories/28679 (Broken Link)
- http://secunia.com/advisories/29638 (Broken Link)
- http://security.gentoo.org/glsa/glsa-200801-15.xml (Third Party Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 (Broken Link)
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 (Broken Link)
- http://www.debian.org/security/2008/dsa-1460 (Third Party Advisory)
FAQ
What is CVE-2007-3278?
CVE-2007-3278 is a vulnerability with a CVSS score of 6.9 (MEDIUM). PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and exe...
How severe is CVE-2007-3278?
CVE-2007-3278 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3278?
Check the references section above for vendor advisories and patch information. Affected products include: PostgreSQL PostgreSQL, Debian Debian Linux.