PT-2017-2780 · Postgresql+4 · Postgresql+4

Publicado

2017-05-04

·

Atualizado

2026-01-30

·

CVE-2017-7546

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 9.2.22 PostgreSQL versions prior to 9.3.18 PostgreSQL versions prior to 9.4.13 PostgreSQL versions prior to 9.5.8 PostgreSQL versions prior to 9.6.4
Description The issue is related to incorrect authentication in PostgreSQL, allowing remote attackers to gain access to database accounts with an empty password. This is due to flaws in the authentication procedure. The exploitation of this issue can enable a remote attacker to access a database account that has an empty password.
Recommendations For versions prior to 9.2.22, update to version 9.2.22 or later. For versions prior to 9.3.18, update to version 9.3.18 or later. For versions prior to 9.4.13, update to version 9.4.13 or later. For versions prior to 9.5.8, update to version 9.5.8 or later. For versions prior to 9.6.4, update to version 9.6.4 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

BDU:2017-02038
CESA-2017_2728
CESA-2017_2860
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2017-7546
DLA-1051-1
DSA-3935-1
DSA-3936-1
MGASA-2017-0316
OPENSUSE-SU-2017_2306-1
OPENSUSE-SU-2017_2391-1
OPENSUSE-SU-2017_2392-1
OPENSUSE-SU-2018_0529-1
RHSA-2017:2677
RHSA-2017:2678
RHSA-2017:2728
RHSA-2017:2860
RHSA-2017_2728
RHSA-2017_2860
SUSE-SU-2017:2236-1
SUSE-SU-2017:2258-1
SUSE-SU-2017:2355-1
SUSE-SU-2017:2356-1
SUSE-SU-2017_2236-1
SUSE-SU-2017_2258-1
SUSE-SU-2017_2355-1
SUSE-SU-2017_2356-1
USN-3390-1

Produtos afetados

Centos
Postgresql
Red Hat
Suse
Ubuntu