CVE-2007-3280 - The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that

CVE-2007-3280

Summary

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

References

Vulnerable Configurations

cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bugtraq	20070616 Having Fun With PostgreSQL
mandriva	MDKSA-2007:188
misc	http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
osvdb	40901
xf	postgresql-dblink-command-execution(35145)

statements via4

contributor	Mark J Cox
lastmodified	2007-09-28
organization	Red Hat
statement	Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator.

Last major update

16-10-2018 - 16:48

Published

19-06-2007 - 21:30

Last modified

16-10-2018 - 16:48