{
  "public_date" : "2007-06-16T00:00:00Z",
  "bugzilla" : {
    "description" : "dblink allows proxying of database connections via 127.0.0.1",
    "id" : "309141",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=309141"
  },
  "details" : [ "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1." ],
  "statement" : "Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 3",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0039",
    "cpe" : "cpe:/o:redhat:enterprise_linux:3",
    "package" : "rh-postgresql-0:7.3.21-1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0038",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "postgresql-0:7.4.19-1.el4_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0038",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql-0:8.1.11-1.el5_1.1"
  }, {
    "product_name" : "Red Hat Web Application Stack for RHEL 4",
    "release_date" : "2008-02-01T00:00:00Z",
    "advisory" : "RHSA-2008:0040",
    "cpe" : "cpe:/a:redhat:rhel_application_stack:1",
    "package" : "postgresql-0:8.1.11-1.el4s1.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-3278\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-3278" ],
  "name" : "CVE-2007-3278",
  "csaw" : false
}