{
  "threat_severity" : "Moderate",
  "public_date" : "2008-01-07T00:00:00Z",
  "bugzilla" : {
    "description" : "PostgreSQL privilege escalation via dblink",
    "id" : "427128",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=427128"
  },
  "details" : [ "The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3278." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 3",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0039",
    "cpe" : "cpe:/o:redhat:enterprise_linux:3",
    "package" : "rh-postgresql-0:7.3.21-1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0038",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "postgresql-0:7.4.19-1.el4_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2008-01-11T00:00:00Z",
    "advisory" : "RHSA-2008:0038",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql-0:8.1.11-1.el5_1.1"
  }, {
    "product_name" : "Red Hat Web Application Stack for RHEL 4",
    "release_date" : "2008-02-01T00:00:00Z",
    "advisory" : "RHSA-2008:0040",
    "cpe" : "cpe:/a:redhat:rhel_application_stack:1",
    "package" : "postgresql-0:8.1.11-1.el4s1.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-6601\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-6601" ],
  "name" : "CVE-2007-6601",
  "csaw" : false
}