[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-884 ---- postgresql93 postgresql92

ID: oval:org.secpod.oval:def:1600765Date: (C)2017-09-21   (M)2018-01-02
Class: PATCHFamily: unix




pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. Empty password accepted in some authentication methods:It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords

Platform:
Amazon Linux AMI
Product:
postgresql93
postgresql92
Reference:
ALAS-2017-884
CVE-2017-7547
CVE-2017-7546
CVE    2
CVE-2017-7547
CVE-2017-7546
CPE    19
cpe:/a:postgresql:postgresql93
cpe:/a:postgresql:postgresql92
cpe:/o:amazon:linux
cpe:/a:postgresql:postgresql:9.4.5
...

© 2013 SecPod Technologies