OVAL

ALAS-2017-884 ---- postgresql93 postgresql92

ID: oval:org.secpod.oval:def:1600765
Date: (C)2017-09-21   (M)2018-07-18
Class: PATCH
Family: unix




pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

Empty password accepted in some authentication methods: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

Platform:
Amazon Linux AMI
Product:
postgresql93
postgresql92
Reference:
ALAS-2017-884
CVE-2017-7547
CVE-2017-7546
CPE    21
cpe:/a:postgresql:postgresql92
cpe:/a:postgresql:postgresql93
cpe:/a:postgresql:postgresql:9.2.7
cpe:/a:postgresql:postgresql:9.4.5
...

© SecPod Technologies