First published: Tue Jun 19 2007(Updated: )
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL PostgreSQL | >=7.4<7.4.19 | |
PostgreSQL PostgreSQL | >=8.0<8.0.15 | |
PostgreSQL PostgreSQL | >=8.1<8.1.11 | |
PostgreSQL PostgreSQL | >=8.2<8.2.6 | |
PostgreSQL PostgreSQL | >=7.3<7.3.21 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.