CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3280
https://notcve.org/view.php?id=CVE-2007-3280
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. La librería de Enlace a Base de Datos (Database Link) (dblink) en PostgreSQL 8.1 implementa funciones mediante sentencias CREATE que mapean a librerías arbitrarias basadas en el lenguaje de programación C, lo cual permite a superusuarios autenticados remotamente, mapear y ejecutar una función de cualquier librería, como se ha demostrado usando la función system en libc.so.6 para obtener acceso a una línea de comandos. • http://osvdb.org/40901 http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf http://www.securityfocus.com/archive/1/471541/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35145 •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3278 – dblink allows proxying of database connections via 127.0.0.1
https://notcve.org/view.php?id=CVE-2007-3278
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticación de confianza local está habilitada y la librería de enlace a base de datos (Database Link Library (dblink) está instalada, permite a atacantes remotos acceder a cuentas de su elección y ejecutar peticiones SQL mediante un parámetro host de dblink que hace de proxy de la conexión desde 127.0.0.1. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://osvdb.org/40899 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/29638 http://security.gentoo.org/glsa/glsa-200801-15.xml h • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0CVE-2007-2138 – PostgreSQL security-definer function privilege escalation
https://notcve.org/view.php?id=CVE-2007-2138
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." Vulnerabilidad de búsqueda en ruta no confiable en PostgreSQL anterior a 7.3.19, 7.4.x anterior a 7.4.17, 8.0.x anterior a 8.0.13, 8.1.x anterior a 8.1.9, y 8.2.x anterior a 8.2.4 permite a usuarios remotos validados, cuando se permite hacer la llamada a la función SECURITY DEFINER, para ganar los privilegios de la función propietaria, relacionado con "configuración de search_path". • http://rhn.redhat.com/errata/RHSA-2007-0336.html http://secunia.com/advisories/24989 http://secunia.com/advisories/24999 http://secunia.com/advisories/25005 http://secunia.com/advisories/25019 http://secunia.com/advisories/25037 http://secunia.com/advisories/25058 http://secunia.com/advisories/25184 http://secunia.com/advisories/25238 http://secunia.com/advisories/25334 http://secunia.com/advisories/25717 http://secunia.com/advisories/25720 http://secunia.com/advisories&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0555
https://notcve.org/view.php?id=CVE-2007-0555
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. PostgreSQL 7.3 anterior a 7.3.13, 7.4 anterior a 7.4.16, 8.0 anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 permite a los atacantes desactivar determinadas comprobaciones de los tipos de datos de los argumentos de funciones SQL, lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33087 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24094 http://secunia.com/advisories/24151 http://secunia&# •
CVSS: 6.6EPSS: 1%CPEs: 92EXPL: 0CVE-2007-0556
https://notcve.org/view.php?id=CVE-2007-0556
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. El planificador de peticiones en PostgreSQL anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 no verifica que una tabla sea compatible con un "plan de peticiones realizado previamente", lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos mediante una sentencia SQL "ALTER COLUMN TYPE", lo cual puede ser aprovechado para leer memoria de su elección del servidor. • http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33302 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24151 http://secunia.com/advisories/24315 http://secunia.com/advisories/24513 http://secunia.com/advisories/24577 http://secunia&# •