CVE-2017-7546 – postgresql: Empty password accepted in some authentication methods
https://notcve.org/view.php?id=CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autenticación incorrecta que permite que atacantes remotos obtengan acceso a cuentas de la base de datos con una contraseña vacía. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100278 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2860 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access • CWE-287: Improper Authentication •
CVE-2017-7485 – postgresql: libpq ignores PGREQUIRESSL environment variable
https://notcve.org/view.php?id=CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. En PostgreSQL, en versiones 9.3.x anteriores a la 9.3.17, versiones 9.4.x anteriores a la 9.4.12, versiones 9.5.x anteriores a la 9.5.7, y versiones 9.6.x anteriores a la 9.6.3, se ha descubierto que la variable de entorno PGREQUIRESSL ya no requería una conexión SSL/TLS a un servidor PostgreSQL. Un atacante Man-in-the-Middle (MitM) activo podría utilizar este fallo para eliminar la protección SSL/TLS de una conexión entre un cliente y un servidor. It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. • http://www.debian.org/security/2017/dsa-3851 http://www.securityfocus.com/bid/98461 http://www.securitytracker.com/id/1038476 https://access.redhat.com/errata/RHSA-2017:1677 https://access.redhat.com/errata/RHSA-2017:1678 https://access.redhat.com/errata/RHSA-2017:1838 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1746 https://access.redhat.com/security/cve/CVE-2017-7485 https:/ • CWE-311: Missing Encryption of Sensitive Data CWE-390: Detection of Error Condition Without Action •
CVE-2017-7484 – postgresql: Selectivity estimators bypass SELECT privilege checks
https://notcve.org/view.php?id=CVE-2017-7484
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. Se ha descubierto que algunas funciones de estimación de selectividad en PostgreSQL, en versiones anteriores a la 9.2.21, versiones 9.3.x anteriores a la 9.3.17, versiones 9.4.x anteriores a la 9.4.12, versiones 9.5.x anteriores a la 9.5.7 y versiones 9.6.x anteriores a la 9.6.3, no verificaban los privilegios de usuario antes de ofrecer información de pg_statistic, lo que probablemente implique un filtrado de información. Un atacante sin privilegios podría utilizar este fallo para robar información de tablas a las que, de otra forma, no tendría acceso. It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. • http://www.debian.org/security/2017/dsa-3851 http://www.securityfocus.com/bid/98459 http://www.securitytracker.com/id/1038476 https://access.redhat.com/errata/RHSA-2017:1677 https://access.redhat.com/errata/RHSA-2017:1678 https://access.redhat.com/errata/RHSA-2017:1838 https://access.redhat.com/errata/RHSA-2017:1983 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1746 https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVE-2017-7486 – postgresql: pg_user_mappings view discloses foreign server passwords
https://notcve.org/view.php?id=CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. Las versiones 8.4 a 9.6 de PostgreSQL son vulnerables a un filtrado de información en la vista pg_user_mappings que revela contraseñas de servidores extranjeros a cualquier usuario que tenga privilegio USAGE en el servidor extranjero asociado. It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. • http://www.debian.org/security/2017/dsa-3851 http://www.securityfocus.com/bid/98460 http://www.securitytracker.com/id/1038476 https://access.redhat.com/errata/RHSA-2017:1677 https://access.redhat.com/errata/RHSA-2017:1678 https://access.redhat.com/errata/RHSA-2017:1838 https://access.redhat.com/errata/RHSA-2017:1983 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1746 https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization CWE-522: Insufficiently Protected Credentials •
CVE-2016-5424 – postgresql: privilege escalation via crafted database and role names
https://notcve.org/view.php?id=CVE-2016-5424
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 podrían permitir a usuarios remotos autenticados con el rol CREATEDB o CREATEROLE obtener privilegios de superusuario a través de un carácter (1) " (comillas dobles), (2) \ (barra invertida), (3) retorno de carro o (4) nueva linea en (a) una base de datos o (b) el nombre del rol que se maneja incorrectamente durante una operación administrativa. A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. • http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92435 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201701-33 https://www.postgresql.org/about/news/1688 https: • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •