NVD脆弱性詳細

CVE-2007-3278

概要	PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
概要	PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticación de confianza local está habilitada y la librería de enlace a base de datos (Database Link Library (dblink) está instalada, permite a atacantes remotos acceder a cuentas de su elección y ejecutar peticiones SQL mediante un parámetro host de dblink que hace de proxy de la conexión desde 127.0.0.1.
公表日	2007年6月20日6:30
登録日	2021年1月29日14:14
最終更新日	2026年4月23日9:35

CVSS2.0 : MEDIUM
スコア	6.9
ベクター	AV:L/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:postgresql:postgresql::::::::	7.3			7.3.21
cpe:2.3:a:postgresql:postgresql::::::::	7.4			7.4.19
cpe:2.3:a:postgresql:postgresql::::::::	8.0			8.0.15
cpe:2.3:a:postgresql:postgresql::::::::	8.1			8.1.11
cpe:2.3:a:postgresql:postgresql::::::::	8.2			8.2.6
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154	cve@mitre.org
2	http://osvdb.org/40899	cve@mitre.org
3	http://secunia.com/advisories/28376	cve@mitre.org
4	http://secunia.com/advisories/28437	cve@mitre.org
5	http://secunia.com/advisories/28438	cve@mitre.org
6	http://secunia.com/advisories/28445	cve@mitre.org
7	http://secunia.com/advisories/28454	cve@mitre.org
8	http://secunia.com/advisories/28477	cve@mitre.org
9	http://secunia.com/advisories/28479	cve@mitre.org
10	http://secunia.com/advisories/28679	cve@mitre.org
11	http://secunia.com/advisories/29638	cve@mitre.org
12	http://security.gentoo.org/glsa/glsa-200801-15.xml	cve@mitre.org
13	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1	cve@mitre.org
14	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1	cve@mitre.org
15	http://www.debian.org/security/2008/dsa-1460	cve@mitre.org
16	http://www.debian.org/security/2008/dsa-1463	cve@mitre.org
17	http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt	cve@mitre.org
18	http://www.mandriva.com/security/advisories?name=MDKSA-2007:188	cve@mitre.org
19	http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf	cve@mitre.org
20	http://www.redhat.com/support/errata/RHSA-2008-0038.html	cve@mitre.org
21	http://www.redhat.com/support/errata/RHSA-2008-0039.html	cve@mitre.org
22	http://www.redhat.com/support/errata/RHSA-2008-0040.html	cve@mitre.org
23	http://www.securityfocus.com/archive/1/471541/100/0/threaded	cve@mitre.org
24	http://www.securityfocus.com/archive/1/471644/100/0/threaded	cve@mitre.org
25	http://www.vupen.com/english/advisories/2008/0109	cve@mitre.org
26	http://www.vupen.com/english/advisories/2008/1071/references	cve@mitre.org
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/35142	cve@mitre.org
28	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334	cve@mitre.org
29	https://usn.ubuntu.com/568-1/	cve@mitre.org
30	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154	af854a3a-2127-422b-91ae-364da2661108
31	http://osvdb.org/40899	af854a3a-2127-422b-91ae-364da2661108
32	http://secunia.com/advisories/28376	af854a3a-2127-422b-91ae-364da2661108
33	http://secunia.com/advisories/28437	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/28438	af854a3a-2127-422b-91ae-364da2661108
35	http://secunia.com/advisories/28445	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/28454	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/28477	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/28479	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/28679	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/29638	af854a3a-2127-422b-91ae-364da2661108
41	http://security.gentoo.org/glsa/glsa-200801-15.xml	af854a3a-2127-422b-91ae-364da2661108
42	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1	af854a3a-2127-422b-91ae-364da2661108
43	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1	af854a3a-2127-422b-91ae-364da2661108
44	http://www.debian.org/security/2008/dsa-1460	af854a3a-2127-422b-91ae-364da2661108
45	http://www.debian.org/security/2008/dsa-1463	af854a3a-2127-422b-91ae-364da2661108
46	http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt	af854a3a-2127-422b-91ae-364da2661108
47	http://www.mandriva.com/security/advisories?name=MDKSA-2007:188	af854a3a-2127-422b-91ae-364da2661108
48	http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf	af854a3a-2127-422b-91ae-364da2661108
49	http://www.redhat.com/support/errata/RHSA-2008-0038.html	af854a3a-2127-422b-91ae-364da2661108
50	http://www.redhat.com/support/errata/RHSA-2008-0039.html	af854a3a-2127-422b-91ae-364da2661108
51	http://www.redhat.com/support/errata/RHSA-2008-0040.html	af854a3a-2127-422b-91ae-364da2661108
52	http://www.securityfocus.com/archive/1/471541/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
53	http://www.securityfocus.com/archive/1/471644/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
54	http://www.vupen.com/english/advisories/2008/0109	af854a3a-2127-422b-91ae-364da2661108
55	http://www.vupen.com/english/advisories/2008/1071/references	af854a3a-2127-422b-91ae-364da2661108
56	https://exchange.xforce.ibmcloud.com/vulnerabilities/35142	af854a3a-2127-422b-91ae-364da2661108
57	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334	af854a3a-2127-422b-91ae-364da2661108
58	https://usn.ubuntu.com/568-1/	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html