Launchpad.net

CVE 2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Related bugs and status

CVE-2007-3278 (Candidate) is related to these bugs:

Bug #181720: [postgresql] multiple vulnerabilities

		In	Importance	Status
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu)	High	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Dapper)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Edgy)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Feisty)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20070618 Re: Having Fu...
MISC: http://www.leidecker.i...
MISC: http://www.portcullis....
MANDRIVA: MDKSA-2007:188
DEBIAN: DSA-1460
REDHAT: RHSA-2008:0038
REDHAT: RHSA-2008:0039
SUNALERT: 103197
SECUNIA: 28376
SECUNIA: 28438
SECUNIA: 28445
SECUNIA: 28437
SECUNIA: 28454
DEBIAN: DSA-1463
SECUNIA: 28477
SECUNIA: 28479
GENTOO: GLSA-200801-15
SECUNIA: 28679
REDHAT: RHSA-2008:0040
SUNALERT: 200559
HP: HPSBTU02325
HP: SSRT080006
SECUNIA: 29638
OSVDB: 40899
VUPEN: ADV-2008-0109
VUPEN: ADV-2008-1071
XF: postgresql-dblink-sql-...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-568-1
BUGTRAQ: 20070616 Having Fun Wi...