Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-6601

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Published

2008-01-09T21:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	postgresql	postgresql	< 7.3.21	Yes
Application	postgresql	postgresql	< 7.4.19	Yes
Application	postgresql	postgresql	< 8.0.15	Yes
Application	postgresql	postgresql	< 8.1.11	Yes
Application	postgresql	postgresql	< 8.2.6	Yes
Application	postgresql	postgresql	8.2	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	fedoraproject	fedora	7	Yes
Operating System	fedoraproject	fedora	8	Yes

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 Broken Link ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html Broken Link ([email protected])
http://secunia.com/advisories/28359 Not Applicable, Vendor Advisory ([email protected])
http://secunia.com/advisories/28376 Not Applicable ([email protected])
http://secunia.com/advisories/28437 Not Applicable ([email protected])
http://secunia.com/advisories/28438 Not Applicable ([email protected])
http://secunia.com/advisories/28445 Not Applicable ([email protected])
http://secunia.com/advisories/28454 Not Applicable ([email protected])
http://secunia.com/advisories/28455 Not Applicable ([email protected])
http://secunia.com/advisories/28464 Not Applicable ([email protected])
http://secunia.com/advisories/28477 Not Applicable ([email protected])
http://secunia.com/advisories/28479 Not Applicable ([email protected])
http://secunia.com/advisories/28679 Not Applicable ([email protected])
http://secunia.com/advisories/28698 Not Applicable ([email protected])
http://secunia.com/advisories/29638 Not Applicable ([email protected])
http://security.gentoo.org/glsa/glsa-200801-15.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1019157 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 Broken Link ([email protected])
http://www.debian.org/security/2008/dsa-1460 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1463 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 Broken Link ([email protected])
http://www.postgresql.org/about/news.905 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0038.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0039.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0040.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/485864/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/486407/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/27163 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2008/0061 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2008/0109 Permissions Required, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1071/references Permissions Required ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/39500 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1768 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127 Broken Link ([email protected])
https://usn.ubuntu.com/568-1/ Broken Link ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html Mailing List, Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html Mailing List, Third Party Advisory ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28359 Not Applicable, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28376 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28437 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28438 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28445 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28454 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28455 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28464 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28477 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28479 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28679 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28698 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29638 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200801-15.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019157 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1460 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1463 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/about/news.905 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0038.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0039.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0040.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/485864/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/486407/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27163 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0061 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0109 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1071/references Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39500 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1768 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/568-1/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)