Description

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

References

• BID-27163
• BID-34090
• BID-36314
• BID-46084
• CVE-2007-3278
• CVE-2007-4769
• CVE-2007-4772
• CVE-2007-6067
• CVE-2007-6600
• CVE-2007-6601
• CVE-2009-0922
• CVE-2009-3229
• CVE-2009-3230
• CVE-2009-3231
• CVE-2010-4015
• DEBIAN-DSA-1460
• DEBIAN-DSA-1463
• DEBIAN-DSA-1900
• DEBIAN-DSA-2157
• OVAL-OVAL10166
• OVAL-OVAL10235
• OVAL-OVAL10334
• OVAL-OVAL10493
• OVAL-OVAL10874
• OVAL-OVAL11127
• OVAL-OVAL11569
• OVAL-OVAL6252
• OVAL-OVAL9804
• REDHAT-RHSA-2008:0038
• REDHAT-RHSA-2008:0039
• REDHAT-RHSA-2008:0040
• REDHAT-RHSA-2008:0134
• REDHAT-RHSA-2009:1067
• REDHAT-RHSA-2011:0197
• REDHAT-RHSA-2011:0198
• REDHAT-RHSA-2013:0122
• SUNPATCH-136998-10
• SUSE-SUSE-SA:2008:005
• XF-35142
• XF-39496
• XF-39497
• XF-39498
• XF-39499
• XF-39500
• XF-65060

Solution

Related Vulnerabilities

• SUSE Linux Security Vulnerability: CVE-2009-3231
• SUSE Linux Security Vulnerability: CVE-2007-6067
• PostgreSQL DBLink Privilege Escalation
• RHSA-2009:1485: postgresql security update
• RHSA-2009:1067: Red Hat Application Stack v2.3 security and enhancement update
• Gentoo Linux: CVE-2009-3230: PostgreSQL: Multiple vulnerabilities
• Gentoo Linux: CVE-2007-4769: PostgreSQL: Multiple vulnerabilities
• PostgreSQL class D vulnerability in core server: CVE-2009-0922
• Cent OS: CVE-2010-4015: CESA-2011:0198 (postgresql84)
• Sun Patch: SunOS 5.10: PostgreSQL 8.3 source code patch
• Sun Patch: SunOS 5.10: PostgreSQL 8.2 source code patch
• ELSA-2009-1485 Moderate: Enterprise Linux postgresql security update
• RHSA-2008:0040: postgresql security update
• RHSA-2008:0038: postgresql security update
• SUSE Linux Security Vulnerability: CVE-2007-4769
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 documentation patch
• Gentoo Linux: CVE-2007-6067: PostgreSQL: Multiple vulnerabilities
• ELSA-2011-0198 Moderate: Oracle Linux postgresql84 security update
• RHSA-2008:0039: postgresql security update
• ELSA-2013-0122 Moderate: Oracle Linux tcl security and bug fix update
• PostgreSQL class C vulnerability in core server: CVE-2009-3230
• USN-753-1: PostgreSQL vulnerability
• Cent OS: CVE-2009-0922: CESA-2009:1484 (postgresql)
• SUSE Linux Security Advisory: SUSE-SR:2011:005
• SUSE Linux Security Vulnerability: CVE-2007-6601
• Gentoo Linux: CVE-2009-3229: PostgreSQL: Multiple vulnerabilities
• Gentoo Linux: CVE-2007-3278: PostgreSQL: Multiple vulnerabilities
• Cent OS: CVE-2007-6067: CESA-2013:0122 (tcl)
• ELSA-2010-0428 Moderate: Enterprise Linux postgresql security update
• ELSA-2008-0134 Moderate: Enterprise Linux tcltk security update
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.2 source code patch
• SUSE Linux Security Vulnerability: CVE-2009-3229
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 source code patch
• ELSA-2011-0197 Moderate: Oracle Linux postgresql security update
• RHSA-2013:0122: tcl security and bug fix update
• Cent OS: CVE-2007-4772: CESA-2013:0122 (tcl)
• PostgreSQL Regular Expression Memory Exhaustion Denial-of-Service
• SUSE-SA:2008:005: PostgreSQL security issues
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.2 core patch
• PostgreSQL class C vulnerability in contrib module: CVE-2010-4015
• ELSA-2008-0038 Moderate: Enterprise Linux postgresql security update
• Sun Patch: SunOS 5.10: PostgresSQL patch
• RHSA-2009:1484: postgresql security update
• Sun Patch: SunOS 5.10_x86: PostgresSQL patch
• RHSA-2011:0198: postgresql84 security update
• PostgreSQL Index Functions Privilege Escalation
• CESA-2008:0039: postgresql security update
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 core patch
• RHSA-2009:1461: Red Hat Application Stack v2.4 security and enhancement update
• SUSE Linux Security Vulnerability: CVE-2007-6600
• SUSE Linux Security Vulnerability: CVE-2007-4772
• Cent OS: CVE-2009-3230: CESA-2009:1484 (postgresql)
• FreeBSD: postgresql -- multiple vulnerabilities (Multiple CVEs)
• SUSE Linux Security Vulnerability: CVE-2009-0922
• ELSA-2009-1484 Moderate: Enterprise Linux postgresql security update
• SUSE Linux Security Advisory: SUSE-SR:2009:009
• PostgreSQL class A vulnerability in core server: CVE-2009-3231
• Sun Patch: SunOS 5.10: PostgreSQL 8.3 documentation patch
• Gentoo Linux: CVE-2007-4772: PostgreSQL: Multiple vulnerabilities
• RHSA-2008:0134: tcltk security update
• SUSE Linux Security Advisory: SUSE-SR:2009:016
• Sun Patch: SunOS 5.10: PostgreSQL 8.2 documentation patch
• VMSA-2008-0009.2: Security update (CVE-2007-4772)
• PostgreSQL class D vulnerability in core server: CVE-2009-3229
• USN-1058-1: PostgreSQL vulnerability
• USN-834-1: PostgreSQL vulnerabilities
• Gentoo Linux: CVE-2010-4015: PostgreSQL: Multiple vulnerabilities
• SUSE Linux Security Vulnerability: CVE-2010-4015
• Gentoo Linux: CVE-2007-6600: PostgreSQL: Multiple vulnerabilities
• USN-568-1: PostgreSQL vulnerabilities
• Gentoo Linux: CVE-2009-3231: PostgreSQL: Multiple vulnerabilities
• Sun Patch: SunOS 5.10_x86: PostgreSQL 8.2 documentation patch
• SUSE Linux Security Advisory: SUSE-SA:2008:005
• SUSE Linux Security Advisory: SUSE-SR:2009:017
• RHSA-2011:0197: postgresql security update
• PostgreSQL Regular Expression Out-of-band Memory Read Denial-of-Service
• PostgreSQL Regular Expression Infinite Loop Denial-of-Service
• Gentoo Linux: CVE-2009-0922: PostgreSQL: Multiple vulnerabilities
• ELSA-2008-0039 Moderate: Enterprise Linux postgresql security update
• CESA-2008:0134: tcltk security update
• SUSE Linux Security Vulnerability: CVE-2009-3230
• Gentoo Linux: CVE-2007-6601: PostgreSQL: Multiple vulnerabilities
• CESA-2008:0038: RHSA-2008:0038
• Sun Patch: SunOS 5.10: PostgreSQL 8.3 core patch