CVE-2007-3280

NameCVE-2007-3280
DescriptionThe Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-8.1source(unstable)(not affected)
postgresql-8.2source(unstable)(not affected)

Notes

- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)

Search for package or bug name: Reporting problems