CVE-2007-6601
First published: Wed Jan 09 2008(Updated: )
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL | =8.2 | |
| PostgreSQL | >=7.3.0<7.3.21 | |
| PostgreSQL | >=7.4.0<7.4.19 | |
| PostgreSQL | >=8.0.0<8.0.15 | |
| PostgreSQL | >=8.1.0<8.1.11 | |
| PostgreSQL | >=8.2.0<8.2.6 | |
| Debian | =3.1 | |
| Debian | =4.0 | |
| Fedora | =8 | |
| Fedora | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28359
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28445
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28455
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28679
- http://secunia.com/advisories/28698
- http://secunia.com/advisories/29638
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://securitytracker.com/id?1019157
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- http://www.postgresql.org/about/news.905
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://www.redhat.com/support/errata/RHSA-2008-0039.html
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/bid/27163
- http://www.vupen.com/english/advisories/2008/0061
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/1071/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39500
- https://issues.rpath.com/browse/RPL-1768
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127
- https://usn.ubuntu.com/568-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
Frequently Asked Questions
What is the severity of CVE-2007-6601?
CVE-2007-6601 has a high severity rating due to the potential for privilege escalation through the DBLink module.
How do I fix CVE-2007-6601?
To fix CVE-2007-6601, you should upgrade to PostgreSQL version 8.2.6 or later, 8.1.11 or later, 8.0.15 or later, 7.4.19 or later, or 7.3.21 or later.
What versions of PostgreSQL are affected by CVE-2007-6601?
CVE-2007-6601 affects PostgreSQL versions prior to 8.2.6, 8.1.11, 8.0.15, 7.4.19, and 7.3.21.
Who is at risk from CVE-2007-6601?
Organizations using vulnerable versions of PostgreSQL with local trust or ident authentication are at risk of privilege escalation from remote attackers.
What is the nature of the vulnerability in CVE-2007-6601?
CVE-2007-6601 allows remote attackers to gain elevated privileges through unspecified vectors related to the DBLink module.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/postgresql
- canonical/postgresql
- version/postgresql/8.2
- version/postgresql/7.3.0
- version/postgresql/7.4.0
- version/postgresql/8.0.0
- version/postgresql/8.1.0
- version/postgresql/8.2.0
- vendor/debian
- canonical/debian
- version/debian/3.1
- version/debian/4.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/8
- version/fedora/7