PT-2017-2779 · Postgresql+5

Published: 2017-05-04 · Updated: 2026-01-30 · CVE-2017-7547

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 9.2.22
PostgreSQL versions prior to 9.3.18
PostgreSQL versions prior to 9.4.13
PostgreSQL versions prior to 9.5.8
PostgreSQL versions prior to 9.6.4

Description

The issue is caused by weaknesses in the authorization procedure of the PostgreSQL database management system. Exploitation of this flaw may allow a remote attacker to obtain passwords without having the necessary privileges. The pg_user_mappings view discloses passwords to users who lack server privileges.

Recommendations

For versions prior to 9.2.22, update to version 9.2.22 or later.
For versions prior to 9.3.18, update to version 9.3.18 or later.
For versions prior to 9.4.13, update to version 9.4.13 or later.
For versions prior to 9.5.8, update to version 9.5.8 or later.
For versions prior to 9.6.4, update to version 9.6.4 or later.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

ALT-PU-2017-2006
ALT-PU-2017-2007
ALT-PU-2017-2008
ALT-PU-2017-2009
ALT-PU-2017-2010
BDU:2017-02037
CESA-2017_2728
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2017-7547
DLA-1051-1
DSA-3935-1
DSA-3936-1
MGASA-2017-0316
OPENSUSE-SU-2017_2306-1
OPENSUSE-SU-2017_2391-1
OPENSUSE-SU-2017_2392-1
OPENSUSE-SU-2018_0529-1
RHSA-2017:2677
RHSA-2017:2678
RHSA-2017:2728
RHSA-2017_2728
SUSE-SU-2017:2236-1
SUSE-SU-2017:2258-1
SUSE-SU-2017:2355-1
SUSE-SU-2017:2356-1
USN-3390-1

Affected Products

ALT Linux
CentOS
PostgreSQL
Red Hat
SUSE
Ubuntu