ID CVE-2007-3280
Summary The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bugtraq 20070616 Having Fun With PostgreSQL
mandriva MDKSA-2007:188
misc
osvdb 40901
xf postgresql-dblink-command-execution(35145)
statements via4
contributor Mark J Cox
lastmodified 2007-09-28
organization Red Hat
statement Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator.
Last major update 16-10-2018 - 16:48
Published 19-06-2007 - 21:30
Back to Top