[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-908 ---- postgresql96

ID: oval:org.secpod.oval:def:1600792Date: (C)2017-10-13   (M)2018-07-18
Class: PATCHFamily: unix




The pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. Empty password accepted in some authentication methods:It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords

Platform:
Amazon Linux AMI
Product:
postgresql96
Reference:
ALAS-2017-908
CVE-2017-7547
CVE-2017-7546
CVE    2
CVE-2017-7547
CVE-2017-7546
CPE    20
cpe:/a:postgresql:postgresql:9.2.7
cpe:/a:postgresql:postgresql:9.4.5
cpe:/a:postgresql:postgresql:9.3.3
cpe:/a:postgresql:postgresql:9.3.2
...

© SecPod Technologies