← back
CVE-2007-3278

CVE-2007-3278

EPSS 1.3%
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154http://osvdb.org/40899http://secunia.com/advisories/28376http://secunia.com/advisories/28437http://secunia.com/advisories/28438http://secunia.com/advisories/28445http://secunia.com/advisories/28454http://secunia.com/advisories/28477http://secunia.com/advisories/28479http://secunia.com/advisories/28679http://secunia.com/advisories/29638http://security.gentoo.org/glsa/glsa-200801-15.xml