National Vulnerability Database

CVE-2007-6601 Detail

Description

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Source: MITRE
Last Modified: 01/09/2008

Quick Info

CVE Dictionary Entry: CVE-2007-6601
Original release date: 01/09/2008
Last revised: 09/28/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.2 HIGH
Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 3.9

CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

| Hyperlink | Resource | Type | Source | Name |
|---|---|---|---|---|
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 | | External Source | HP | HPSBTU02325 |
| http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html | | External Source | SUSE | SUSE-SA:2008:005 |
| http://security.gentoo.org/glsa/glsa-200801-15.xml | | External Source | GENTOO | GLSA-200801-15 |
| http://securitytracker.com/id?1019157 | | External Source | SECTRACK | 1019157 |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 | | External Source | SUNALERT | 103197 |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 | | External Source | SUNALERT | 200559 |
| http://www.debian.org/security/2008/dsa-1460 | | External Source | DEBIAN | DSA-1460 |
| http://www.debian.org/security/2008/dsa-1463 | | External Source | DEBIAN | DSA-1463 |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 | | External Source | MANDRIVA | MDVSA-2008:004 |
| http://www.postgresql.org/about/news.905 | | External Source | CONFIRM | http://www.postgresql.org/about/news.905 |
| http://www.redhat.com/support/errata/RHSA-2008-0038.html | | External Source | REDHAT | RHSA-2008:0038 |
| http://www.redhat.com/support/errata/RHSA-2008-0039.html | | External Source | REDHAT | RHSA-2008:0039 |
| http://www.redhat.com/support/errata/RHSA-2008-0040.html | | External Source | REDHAT | RHSA-2008:0040 |
| http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded | | External Source | BUGTRAQ | 20080107 PostgreSQL 2007-01-07 Cumulative Security Release |
| http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded | | External Source | BUGTRAQ | 20080115 rPSA-2008-0016-1 postgresql postgresql-server |
| http://www.securityfocus.com/bid/27163 | Patch | External Source | BID | 27163 |
| http://www.ubuntulinux.org/support/documentation/usn/usn-568-1 | | External Source | UBUNTU | USN-568-1 |
| http://www.vupen.com/english/advisories/2008/0061 | | External Source | VUPEN | ADV-2008-0061 |
| http://www.vupen.com/english/advisories/2008/0109 | | External Source | VUPEN | ADV-2008-0109 |
| http://www.vupen.com/english/advisories/2008/1071/references | | External Source | VUPEN | ADV-2008-1071 |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39500 | | External Source | XF | postgresql-dblink-privilege-escalation(39500) |
| https://issues.rpath.com/browse/RPL-1768 | | External Source | CONFIRM | https://issues.rpath.com/browse/RPL-1768 |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127 | | External Source | OVAL | oval:org.mitre.oval:def:11127 |
| https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html | | External Source | FEDORA | FEDORA-2008-0478 |
| https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html | | External Source | FEDORA | FEDORA-2008-0552 |

References to Check Content

Identifier: oval:org.mitre.oval:def:11127
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11127

Technical Details

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*

Change History: 3 change records found