admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2007/CVE-2007-32xx/CVE-2007-3278.json
cad-safe-bot 0607da18d3 Auto-Update: 2025-04-09T02:02:01.564573+00:00
2025-04-09 02:05:49 +00:00

559 lines
15 KiB
JSON
Raw Blame History

{
"id": "CVE-2007-3278",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-06-19T21:30:00.000",
"lastModified": "2025-04-09T00:30:58.490",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1."
},
{
"lang": "es",
"value": "PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticaci\u00f3n de confianza local est\u00e1 habilitada y la librer\u00eda de enlace a base de datos (Database Link Library (dblink) est\u00e1 instalada, permite a atacantes remotos acceder a cuentas de su elecci\u00f3n y ejecutar peticiones SQL mediante un par\u00e1metro host de dblink que hace de proxy de la conexi\u00f3n desde 127.0.0.1."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"baseScore": 6.9,
"accessVector": "LOCAL",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": true,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3",
"versionEndExcluding": "7.3.21",
"matchCriteriaId": "90DC5234-7C92-48D9-B1B1-05DB777068CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4",
"versionEndExcluding": "7.4.19",
"matchCriteriaId": "D71AF224-1C94-4B65-9060-41D2B14FCB15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.0.15",
"matchCriteriaId": "09FF885C-11CD-40BB-B31C-C6A09E5EF1B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1",
"versionEndExcluding": "8.1.11",
"matchCriteriaId": "ECEB192A-37F7-482D-BAEE-6F857854B1C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2",
"versionEndExcluding": "8.2.6",
"matchCriteriaId": "EC882AEF-C3B0-4E09-8075-5A42A383CB3F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
}
]
}
]
}
],
"references": [
{
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://osvdb.org/40899",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28376",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28437",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28438",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28445",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28454",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28477",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28479",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28679",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/29638",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200801-15.xml",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2008/dsa-1460",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2008/dsa-1463",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0109",
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/1071/references",
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/568-1/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://osvdb.org/40899",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28376",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28437",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28438",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28445",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28454",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28477",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28479",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/28679",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/29638",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200801-15.xml",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2008/dsa-1460",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2008/dsa-1463",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/471644/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0109",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/1071/references",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35142",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/568-1/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
],
"vendorComments": [
{
"organization": "Red Hat",
"comment": "Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.\n\nFixes to correct this bug were included in PostgreSQL updates:\nhttp:rhn.redhat.comcveCVE-2007-3278.html\n",
"lastModified": "2008-02-01T00:00:00"
}
]
}
Reference in New Issue View Git Blame Copy Permalink