cbcvebase.
CVE-2007-3280
published 2007-06-19

CVE-2007-3280: The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming…

PriorityP258critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
26.13%
97.7th percentile
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Affected

1 ranges
VendorProductVersion rangeFixed in
postgresqlpostgresql

Detection & IOCsextracted from sources · hover to see the quote

path/tmp
pathlibc.so.6
  • Monitor PostgreSQL for CREATE FUNCTION statements that reference external shared library paths (especially /tmp or world-writable directories), which may indicate UDF-based exploitation.
  • Detect use of the UPDATE pg_largeobject method for binary injection of shared object files into the database, a precursor to UDF payload execution.
  • Alert on PostgreSQL UDF shared libraries loaded from /tmp, as the exploit relies on the postgres service account writing and sourcing shared objects from that directory.
  • The malicious shared object's constructor is used to execute the payload — look for unexpected child processes spawned by the PostgreSQL service process (e.g., shells or reverse-shell processes).
  • ·Red Hat explicitly does not treat this as a security vulnerability, considering superuser code execution an intended feature — deployments relying on Red Hat guidance may not have mitigations applied.
  • ·Exploitation requires a remote authenticated PostgreSQL superuser account; non-superuser accounts cannot trigger this attack path.
  • ·The attack is specific to PostgreSQL 8.1 with the dblink extension enabled; environments without dblink loaded are not directly exposed via this documented vector.

CVSS provenance

nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_redhat9.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.