← back
CVE-2007-3279

CVE-2007-3279

EPSS 2.6%
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/40900https://exchange.xforce.ibmcloud.com/vulnerabilities/35144http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2007:188http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdfhttp://www.securityfocus.com/archive/1/471541/100/0/threaded