{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1460", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1460"}, {"name": "28445", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28445"}, {"name": "RHSA-2008:0038", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"}, {"name": "20070618 Re: Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded"}, {"name": "28454", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28454"}, {"tags": ["x_refsource_MISC"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "28679", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28679"}, {"name": "ADV-2008-0109", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0109"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "postgresql-dblink-sql-injection(35142)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142"}, {"name": "28376", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28376"}, {"name": "103197", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"}, {"name": "28437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28437"}, {"name": "28477", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28477"}, {"name": "29638", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29638"}, {"name": "28479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28479"}, {"name": "DSA-1463", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1463"}, {"name": "RHSA-2008:0040", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"}, {"name": "SSRT080006", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "200559", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"}, {"name": "oval:org.mitre.oval:def:10334", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334"}, {"name": "USN-568-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/568-1/"}, {"name": "28438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28438"}, {"tags": ["x_refsource_MISC"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"name": "RHSA-2008:0039", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"}, {"name": "HPSBTU02325", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "GLSA-200801-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"}, {"name": "40899", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40899"}, {"name": "ADV-2008-1071", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1071/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1460", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1460"}, {"name": "28445", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28445"}, {"name": "RHSA-2008:0038", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"}, {"name": "20070618 Re: Having Fun With PostgreSQL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded"}, {"name": "28454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28454"}, {"name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "refsource": "MISC", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "28679", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28679"}, {"name": "ADV-2008-0109", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0109"}, {"name": "MDKSA-2007:188", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "postgresql-dblink-sql-injection(35142)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142"}, {"name": "28376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28376"}, {"name": "103197", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"}, {"name": "28437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28437"}, {"name": "28477", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28477"}, {"name": "29638", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29638"}, {"name": "28479", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28479"}, {"name": "DSA-1463", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1463"}, {"name": "RHSA-2008:0040", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"}, {"name": "SSRT080006", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "200559", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"}, {"name": "oval:org.mitre.oval:def:10334", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334"}, {"name": "USN-568-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/568-1/"}, {"name": "28438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28438"}, {"name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "refsource": "MISC", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"name": "RHSA-2008:0039", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"}, {"name": "HPSBTU02325", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "GLSA-200801-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"}, {"name": "40899", "refsource": "OSVDB", "url": "http://osvdb.org/40899"}, {"name": "ADV-2008-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1071/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.659Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1460", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1460"}, {"name": "28445", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28445"}, {"name": "RHSA-2008:0038", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"}, {"name": "20070618 Re: Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded"}, {"name": "28454", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28454"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "28679", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28679"}, {"name": "ADV-2008-0109", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0109"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "postgresql-dblink-sql-injection(35142)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142"}, {"name": "28376", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28376"}, {"name": "103197", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"}, {"name": "28437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28437"}, {"name": "28477", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28477"}, {"name": "29638", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29638"}, {"name": "28479", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28479"}, {"name": "DSA-1463", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1463"}, {"name": "RHSA-2008:0040", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"}, {"name": "SSRT080006", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "200559", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"}, {"name": "oval:org.mitre.oval:def:10334", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334"}, {"name": "USN-568-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/568-1/"}, {"name": "28438", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28438"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"name": "RHSA-2008:0039", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"}, {"name": "HPSBTU02325", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"name": "GLSA-200801-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"}, {"name": "40899", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40899"}, {"name": "ADV-2008-1071", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1071/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3278", "datePublished": "2007-06-19T21:00:00", "dateReserved": "2007-06-19T00:00:00", "dateUpdated": "2024-08-07T14:14:12.659Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "90DC5234-7C92-48D9-B1B1-05DB777068CB", "versionEndExcluding": "7.3.21", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D71AF224-1C94-4B65-9060-41D2B14FCB15", "versionEndExcluding": "7.4.19", "versionStartIncluding": "7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "09FF885C-11CD-40BB-B31C-C6A09E5EF1B2", "versionEndExcluding": "8.0.15", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB192A-37F7-482D-BAEE-6F857854B1C1", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC882AEF-C3B0-4E09-8075-5A42A383CB3F", "versionEndExcluding": "8.2.6", "versionStartIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."}, {"lang": "es", "value": "PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticaci\u00f3n de confianza local est\u00e1 habilitada y la librer\u00eda de enlace a base de datos (Database Link Library (dblink) est\u00e1 instalada, permite a atacantes remotos acceder a cuentas de su elecci\u00f3n y ejecutar peticiones SQL mediante un par\u00e1metro host de dblink que hace de proxy de la conexi\u00f3n desde 127.0.0.1."}], "id": "CVE-2007-3278", "lastModified": "2023-02-24T15:35:47.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-19T21:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/40899"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28376"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28437"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28438"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28445"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28454"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28477"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28479"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28679"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29638"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1460"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1463"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/0109"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/1071/references"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/568-1/"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.\n\nFixes to correct this bug were included in PostgreSQL updates:\nhttp:rhn.redhat.comcveCVE-2007-3278.html\n", "lastModified": "2008-02-01T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0039", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "rh-postgresql-0:7.3.21-1", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-01-11T00:00:00Z"}, {"advisory": "RHSA-2008:0038", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "postgresql-0:7.4.19-1.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-01-11T00:00:00Z"}, {"advisory": "RHSA-2008:0038", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "postgresql-0:8.1.11-1.el5_1.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-01-11T00:00:00Z"}, {"advisory": "RHSA-2008:0040", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "postgresql-0:8.1.11-1.el4s1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-02-01T00:00:00Z"}], "bugzilla": {"description": "dblink allows proxying of database connections via 127.0.0.1", "id": "309141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=309141"}, "csaw": false, "details": ["PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."], "name": "CVE-2007-3278", "public_date": "2007-06-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-3278\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-3278"], "statement": "Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access."}