CVE-2007-3280

Publication date 19 June 2007

Last updated 24 July 2024

Ubuntu priority

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postgresql-8.1	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
postgresql-8.2	7.04 feisty	Not affected
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-3280