Bug 309161 (CVE-2007-3280) - CVE-2007-3280 Database superuser can execute code on behalf of postgresql server
Summary: CVE-2007-3280 Database superuser can execute code on behalf of postgresql server
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2007-3280
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-27 15:27 UTC by Lubomir Kundrak
Modified: 2007-09-27 15:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-27 15:28:42 UTC
Embargoed:

Attachments (Terms of Use)

Description Lubomir Kundrak 2007-09-27 15:27:28 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3280 to the following vulnerability:

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

References:

http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
Comment 2 Lubomir Kundrak 2007-09-27 15:29:44 UTC 
Red Hat does not consider this do be a security issue. Ability of the superuser
to execute code on behalf of database server is intended feature and imposes no
security threats as superuser account is restricted to database administrator.
Note You need to log in before you can comment on or make changes to this bug.