CVE-2007-3280 - Vulnerability Details - OpenCVE

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.48052.

Key SSVC decision points have not yet been added.

Vendors	Products
Postgresql Subscribe	Postgresql Subscribe

Configuration 1 [-]

cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/40901
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.securityfocus.com/archive/1/471541/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35145

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-19T21:00:00

Updated: 2024-08-07T14:14:11.897Z

Reserved: 2007-06-19T00:00:00

Link: CVE-2007-3280

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-19T21:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3280

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"tags": ["x_refsource_MISC"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", "refsource": "MISC", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "refsource": "OSVDB", "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", "refsource": "MISC", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:11.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"name": "MDKSA-2007:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"name": "40901", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40901"}, {"name": "postgresql-dblink-command-execution(35145)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"name": "20070616 Having Fun With PostgreSQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3280", "datePublished": "2007-06-19T21:00:00", "dateReserved": "2007-06-19T00:00:00", "dateUpdated": "2024-08-07T14:14:11.897Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AF590F2-899F-42E1-8A57-6F514C94CE4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access."}, {"lang": "es", "value": "La librer\u00eda de Enlace a Base de Datos (Database Link) (dblink) en PostgreSQL 8.1 implementa funciones mediante sentencias CREATE que mapean a librer\u00edas arbitrarias basadas en el lenguaje de programaci\u00f3n C, lo cual permite a superusuarios autenticados remotamente, mapear y ejecutar una funci\u00f3n de cualquier librer\u00eda, como se ha demostrado usando la funci\u00f3n system en libc.so.6 para obtener acceso a una l\u00ednea de comandos."}], "id": "CVE-2007-3280", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-19T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40901"}, {"source": "cve@mitre.org", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"source": "cve@mitre.org", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator.\n", "lastModified": "2007-09-28T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}