CVEブラウザに戻る

CVE-2007-3279

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.2000%

EPSS Percentile23.29th

Published2007年6月19日

Last Modified2026年4月23日

Vulnerability Description

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Affected Platforms (CPE)

📦

Postgresql

Postgresql

= 8.1

References & Advisories

🔗 http://osvdb.org/40900

🔗 http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2007:188

🔗 http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

🔗 http://www.securityfocus.com/archive/1/471541/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35144

🔗 http://osvdb.org/40900

🔗 http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

関連する脆弱性情報

CVE-2003-050010.0

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote a...

CVE-2005-365610.0

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication agai...

CVE-2002-139910.0

Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before...

CVE-2013-190210.0

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates in...