CVE-2007-3279

NameCVE-2007-3279
DescriptionPostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-8.1source(unstable)(not affected)
postgresql-8.2source(unstable)(not affected)

Notes

- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)

Search for package or bug name: Reporting problems