[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-885 ---- postgresql94 postgresql95

ID: oval:org.secpod.oval:def:1600767Date: (C)2017-09-21   (M)2018-05-06
Class: PATCHFamily: unix




pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. Empty password accepted in some authentication methods:It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. lo_put function ignores ACLs:An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service

Platform:
Amazon Linux AMI
Product:
postgresql94
postgresql95
Reference:
ALAS-2017-885
CVE-2017-7547
CVE-2017-7546
CVE-2017-7548
CVE    3
CVE-2017-7548
CVE-2017-7547
CVE-2017-7546
CPE    3
cpe:/a:postgresql:postgresql95
cpe:/a:postgresql:postgresql94
cpe:/o:amazon:linux

© SecPod Technologies