The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postgresql | Postgresql | 7.3.0 (including) | 7.3.21 (excluding) |
| Postgresql | Postgresql | 7.4.0 (including) | 7.4.19 (excluding) |
| Postgresql | Postgresql | 8.0.0 (including) | 8.0.15 (excluding) |
| Postgresql | Postgresql | 8.1.0 (including) | 8.1.11 (excluding) |
| Postgresql | Postgresql | 8.2.0 (including) | 8.2.6 (excluding) |
| Postgresql | Postgresql | 8.2 (including) | 8.2 (including) |
| Red Hat Enterprise Linux 3 | RedHat | rh-postgresql-0:7.3.21-1 | * |
| Red Hat Enterprise Linux 4 | RedHat | postgresql-0:7.4.19-1.el4_6.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | postgresql-0:8.1.11-1.el5_1.1 | * |
| Red Hat Web Application Stack for RHEL 4 | RedHat | postgresql-0:8.1.11-1.el4s1.1 | * |
| Postgresql-8.1 | Ubuntu | dapper | * |
| Postgresql-8.1 | Ubuntu | edgy | * |
| Postgresql-8.1 | Ubuntu | feisty | * |
| Postgresql-8.1 | Ubuntu | gutsy | * |
| Postgresql-8.2 | Ubuntu | feisty | * |
| Postgresql-8.2 | Ubuntu | gutsy | * |
| Postgresql-8.2 | Ubuntu | hardy | * |