CVE-2007-3280 - Vulnerability Details - OpenCVE

Description

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Published: 2007-06-19

Score: 9.0 Critical

EPSS: 48.9% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.48919.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://osvdb.org/40901
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.securityfocus.com/archive/1/471541/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35145

History

No history.

Subscriptions

Postgresql Postgresql

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-19T21:00:00.000Z

Updated: 2024-08-07T14:14:11.897Z

Reserved: 2007-06-19T00:00:00.000Z

Link: CVE-2007-3280

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-19T21:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3280

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"tags": ["x_refsource_MISC"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "refsource": "MISC", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "refsource": "OSVDB", "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "refsource": "MISC", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:11.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3280", "datePublished": "2007-06-19T21:00:00.000Z", "dateReserved": "2007-06-19T00:00:00.000Z", "dateUpdated": "2024-08-07T14:14:11.897Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AF590F2-899F-42E1-8A57-6F514C94CE4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}, {"lang": "es", "value": "La librer\u00eda de Enlace a Base de Datos (Database Link) (dblink) en PostgreSQL 8.1 implementa funciones mediante sentencias CREATE que mapean a librer\u00edas arbitrarias basadas en el lenguaje de programaci\u00f3n C, lo cual permite a superusuarios autenticados remotamente, mapear y ejecutar una funci\u00f3n de cualquier librer\u00eda, como se ha demostrado usando la funci\u00f3n system en libc.so.6 para obtener acceso a una l\u00ednea de comandos."}], "id": "CVE-2007-3280", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-19T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40901"}, {"source": "cve@mitre.org", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"source": "cve@mitre.org", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator.\n", "lastModified": "2007-09-28T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}