Vulnerability Details CVE-2007-3279
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.4%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/40900
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35144
- http://osvdb.org/40900
- http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
- http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
- http://www.securityfocus.com/archive/1/471541/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35144
Products affected by CVE-2007-3279
-
cpe:2.3:a:postgresql:postgresql:8.1