PT-2017-3884 · Postgresql+3
Andrew Wheelwright · Published 2017-05-11 · Updated 2026-01-30 · CVE-2017-7486
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.4 through 9.6
Description
The issue is insufficient protection of credentials in the pg_user_mappings view of the PostgreSQL database management system. A remote attacker with USAGE privileges can exploit it to gain access to the credentials of a third-party server: the pg_user_mappings view leaks foreign server passwords to any user with USAGE privilege on the associated foreign server.
Recommendations
For PostgreSQL versions 8.4 through 9.6, restrict access to the pg_user_mappings view to minimize the risk of exploitation. As a temporary workaround, consider revoking USAGE privileges on foreign servers from untrusted users until a patch is available.
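The two recommendations above, sketched as SQL. This is an added example, not part of the original advisory or of the PostgreSQL project's guidance. It assumes a superuser session, and the names remote_crm and app_readonly are placeholders for a foreign server and an untrusted role.

```sql
-- 1. Audit: every non-superuser role that effectively holds USAGE on a
--    foreign server (directly, via role membership, or as owner). These are
--    the roles to which pg_user_mappings can expose mapping options.
SELECT s.srvname                   AS foreign_server,
       r.rolname                   AS role_with_usage,
       pg_get_userbyid(s.srvowner) AS server_owner
FROM   pg_catalog.pg_foreign_server s
CROSS JOIN pg_catalog.pg_roles r
WHERE  NOT r.rolsuper
AND    pg_catalog.has_server_privilege(r.oid, s.oid, 'USAGE')
ORDER  BY s.srvname, r.rolname;

-- 2. Audit: which user mappings store a password option at all.
--    Only a boolean is returned, so the audit output holds no secrets.
SELECT m.srvname,
       m.usename,
       EXISTS (SELECT 1
               FROM   unnest(m.umoptions) AS opt
               WHERE  opt LIKE 'password=%') AS stores_password
FROM   pg_catalog.pg_user_mappings m
ORDER  BY m.srvname, m.usename;

-- 3. Workaround: revoke USAGE on the foreign server from an untrusted role.
--    remote_crm and app_readonly are placeholders.
REVOKE USAGE ON FOREIGN SERVER remote_crm FROM app_readonly;

-- 4. Restrict the view itself so that ordinary roles cannot select from it.
REVOKE SELECT ON pg_catalog.pg_user_mappings FROM PUBLIC;

-- 5. Verify: inspect the ACL now recorded for the view.
SELECT c.relname, c.relacl
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'pg_catalog'
AND    c.relname = 'pg_user_mappings';
```

Re-run the first query after the revocations, and check that the restriction on the view is still in place after a dump/restore or a major-version upgrade.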
Fix
Insufficiently Protected Credentials
Information Disclosure
Related identifiers
Affected products
CentOS
PostgreSQL
Red Hat
SUSE