CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Los comandos INSERT ... • https://github.com/ToontjeM/CVE-2017-15099 http://www.securityfocus.com/bid/101781 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2566 https://www.debian.org/security/2017/dsa-4028 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-15099 https://bugzilla.redhat.com/show_bug.cgi?id=1508823 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15098 – postgresql: Memory disclosure in JSON functions
https://notcve.org/view.php?id=CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. Las llamadas de función json_populate_recordset o jsonb_populate_recordset inválidas en PostgreSQL en versiones 10.x anteriores a la 10.1; versiones 9.6.x anteriores a la 9.6.6, versiones 9.5.x anteriores a la 9.5.10; versiones 9.4.x anteriores a la 9.4.15 y versiones 9.3.x anteriores a la 9.3.20 pueden provocar el cierre inesperado del servidor o divulgar unos pocos bytes de memoria del servidor. • http://www.securityfocus.com/bid/101781 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2566 https://www.debian.org/security/2017/dsa-4027 https://www.debian.org/security/2017/dsa-4028 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-15098 https://bugzilla.redhat.com/show_bug.cgi?id=1508820 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7547 – postgresql: pg_user_mappings view discloses passwords to users lacking server privileges
https://notcve.org/view.php?id=CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que los atacantes remotos autenticados recuperen contraseñas de los mapeos de usuarios definidos por los propietarios del servidor extranjero sin tener privilegios para ello. An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100275 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access.redhat.com/security/cve/CVE-2017-7547 https:// • CWE-522: Insufficiently Protected Credentials •
CVE-2017-7548 – postgresql: lo_put() function ignores ACLs
https://notcve.org/view.php?id=CVE-2017-7548
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. PostgreSQL en sus versiones anteriores a 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que atacantes remotos sin privilegios sobre un gran objeto sobreescriban todo el contenido del objeto. Esto resultaría en una denegación de servicio. An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100276 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access.redhat.com/security/cve/CVE-2017-7548 https://bugzilla.redhat.com/show_bug.cgi?id=1477187 • CWE-862: Missing Authorization •
CVE-2017-7546 – postgresql: Empty password accepted in some authentication methods
https://notcve.org/view.php?id=CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autenticación incorrecta que permite que atacantes remotos obtengan acceso a cuentas de la base de datos con una contraseña vacía. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100278 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2860 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access • CWE-287: Improper Authentication •