Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в библиотеке PostgreSQL dblink (multiple bugs)
Опубликовано:26 сентября 2007 г.
Источник:
SecurityVulns ID:8191
Тип:библиотека
Уровень опасности:
6/10
Описание:Повышение привилегий.
Затронутые продукты:POSTGRES : PostgreSQL 8.1
CVE:CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.)
 CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.)
 CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.)
Оригинальный текстdocumentMANDRIVA, [ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink (26.09.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород