Vulnerability Name:

CVE-2007-3280 (CCN-35145)

Assigned: 2007-06-16
Published: 2007-06-16
Updated: 2018-10-16
Summary: The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
CVSS v3 Severity: 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References: Source: CCN
Type: BugTraq Mailing List, Sat Jun 16 2007 - 12:11:47 CDT
Having Fun With PostgreSQL

Source: CCN
Type: BugTraq Mailing List, Mon Jun 18 2007 - 07:56:56 CDT
Re: Having Fun With PostgreSQL

Source: MITRE
Type: CNA
CVE-2007-3280

Source: OSVDB
Type: UNKNOWN
40901

Source: CCN
Type: Packetstorm Security Website
PostgreSQL for Linux Payload Execution

Source: MISC
Type: UNKNOWN
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:188

Source: CCN
Type: OSVDB ID: 40901
Database Link Library (dblink) Remote Function Mapping Privilege Escalation

Source: MISC
Type: UNKNOWN
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

Source: CCN
Type: PostgreSQL Web site
PostgreSQL: The world's most advanced open source database

Source: BUGTRAQ
Type: UNKNOWN
20070616 Having Fun With PostgreSQL

Source: XF
Type: UNKNOWN
postgresql-dblink-command-execution(35145)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-13-2012]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [06-05-2007]
PostgreSQL for Linux Payload Execution

Vulnerable Configuration: Configuration 1:
  • cpe:/a:postgresql:postgresql:8.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    postgresql postgresql 8.1
    postgresql postgresql 8.1
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0 x86_64
    mandrakesoft mandrake linux 2007.1