CVE-2007-3279 Information
Share on:
Feb 14, 2021
cve
Description
PostgreSQL 8.1 and probably later versions when the PL/pgSQL (plpgsql) language has been created grants certain plpgsql privileges to the PUBLIC domain which allows remote attackers to create and execute functions as demonstrated by functions that perform local brute-force password guessing attacks which may evade intrusion detection.
Reference
http://osvdb.org/40900 http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf http://www.securityfocus.com/archive/1/471541/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35144