QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3280

Published: Jun 19, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

x_refsource_MISC

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_OSVDB

postgresql-dblink-command-execution(35145)

vdb-entry

x_refsource_XF

http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

x_refsource_MISC

20070616 Having Fun With PostgreSQL

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.