Lucene search

K

[email protected]NVD:CVE-2007-3279

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3279

2007-06-1921:30:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch8.1

References

osvdb.org/40900

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.securityfocus.com/archive/1/471541/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35144

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

Related for NVD:CVE-2007-3279

ubuntucve1 prion1 cve1 redhatcve1 cvelist1 openvas2 nessus1 securityvulns2