Your submission was sent successfully! Close

CVE-2007-3280

Published: 19 June 2007

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Priority

Unknown

Status

Package Release Status
postgresql-8.1
Launchpad, Ubuntu, Debian
dapper Not vulnerable

edgy Not vulnerable

feisty Not vulnerable

gutsy Not vulnerable

upstream Needs triage

postgresql-8.2
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty Not vulnerable

gutsy Not vulnerable

upstream Needs triage