CVE-2007-3278

Public Date: 2007-06-16
Bugzilla: 309141: CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1

The MITRE CVE dictionary describes this issue as:

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Find out more about CVE-2007-3278 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat does not consider this to be a security issue. dblink is disabled in the default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.

Fixes to correct this bug were included in PostgreSQL updates:
https://rhn.redhat.com/cve/CVE-2007-3278.html

Red Hat Security Errata

Platform                                                                 Errata          Release Date
Red Hat Enterprise Linux 5 (postgresql)                                  RHSA-2008:0038  2008-01-11
Red Hat Enterprise Linux 4 (postgresql)                                  RHSA-2008:0038  2008-01-11
Red Hat Enterprise Linux 3 (rh-postgresql)                               RHSA-2008:0039  2008-01-11
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (postgresql)  RHSA-2008:0040  2008-02-01
Red Hat Application Stack v2 for Enterprise Linux (v.5) (postgresql)     RHSA-2008:0040  2008-02-01

Last Modified

CVE description copyright © 2017, The MITRE Corporation
