QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3279

Published: Jun 19, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

x_refsource_MISC

vendor-advisory

x_refsource_MANDRIVA

http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

x_refsource_MISC

20070616 Having Fun With PostgreSQL

mailing-list

x_refsource_BUGTRAQ

postgresql-dblink-weak-security(35144)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.