Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6601

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-6601
Last Modified 07 Mar 2011 10:03:16
Published 09 Jan 2008 04:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6601

Summary

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Vulnerable Systems

Application

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.10

  • Postgresql 7.3.11

  • Postgresql 7.3.12

  • Postgresql 7.3.13

  • Postgresql 7.3.14

  • Postgresql 7.3.15

  • Postgresql 7.3.16

  • Postgresql 7.3.19

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.6

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.11

  • Postgresql 8.0.13

  • Postgresql 8.0.2

  • Postgresql 8.0.3

  • Postgresql 8.0.317

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1.1

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4


References

BID - 27163

FEDORA - FEDORA-2008-0552

FEDORA - FEDORA-2008-0478

CONFIRM - https://issues.rpath.com/browse/RPL-1768

XF - postgresql-dblink-privilege-escalation(39500)

VUPEN - ADV-2008-1071

VUPEN - ADV-2008-0109

VUPEN - ADV-2008-0061

UBUNTU - USN-568-1

BUGTRAQ - 20080115 rPSA-2008-0016-1 postgresql postgresql-server

BUGTRAQ - 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

REDHAT - RHSA-2008:0039

REDHAT - RHSA-2008:0038

CONFIRM - http://www.postgresql.org/about/news.905

MANDRIVA - MDVSA-2008:004

DEBIAN - DSA-1463

DEBIAN - DSA-1460

SUNALERT - 103197

SECTRACK - 1019157

GENTOO - GLSA-200801-15

SECUNIA - 28679

SECUNIA - 28479

SECUNIA - 28477

SECUNIA - 28464

SECUNIA - 28455

SECUNIA - 28454

SECUNIA - 28445

SECUNIA - 28438

SECUNIA - 28437

SECUNIA - 28376

SECUNIA - 28359

HP - HPSBTU02325

REDHAT - RHSA-2008:0040

SUNALERT - 200559

SECUNIA - 29638

SECUNIA - 28698

SUSE - SUSE-SA:2008:005

HP - SSRT080006

Related Patches

Novell SUSE 2008:4962 postgresql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:32