CVE-2017-8806
https://notcve.org/view.php?id=CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. Los scripts de Debian pg_ctlcluster, pg_createcluster y pg_upgradecluster, tal y como se distribuyen en el paquete de Debian postgresql-common anterior a 181+deb9u1 para PostgreSQL (y otros paquetes relacionados con Debian y Ubuntu), manipularon vínculos simbólicos de forma no segura, lo que podría desembocar en una denegación de servicio local sobrescribiendo archivos arbitrarios. • http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog http://www.securityfocus.com/bid/101810 https://usn.ubuntu.com/usn/usn-3476-1 https://www.debian.org/security/2017/dsa-4029 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2017-15099 – postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
https://notcve.org/view.php?id=CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Los comandos INSERT ... • https://github.com/ToontjeM/CVE-2017-15099 http://www.securityfocus.com/bid/101781 http://www.securitytracker.com/id/1039752 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2566 https://www.debian.org/security/2017/dsa-4028 https://www.postgresql.org/about/news/1801 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2017-15099 https://bugzilla.redhat.com/show_bug.cgi?id=1508823 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7546 – postgresql: Empty password accepted in some authentication methods
https://notcve.org/view.php?id=CVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autenticación incorrecta que permite que atacantes remotos obtengan acceso a cuentas de la base de datos con una contraseña vacía. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100278 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2860 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access • CWE-287: Improper Authentication •
CVE-2017-7548 – postgresql: lo_put() function ignores ACLs
https://notcve.org/view.php?id=CVE-2017-7548
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. PostgreSQL en sus versiones anteriores a 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que atacantes remotos sin privilegios sobre un gran objeto sobreescriban todo el contenido del objeto. Esto resultaría en una denegación de servicio. An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service. • http://www.debian.org/security/2017/dsa-3935 http://www.debian.org/security/2017/dsa-3936 http://www.securityfocus.com/bid/100276 http://www.securitytracker.com/id/1039142 https://access.redhat.com/errata/RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2678 https://security.gentoo.org/glsa/201710-06 https://www.postgresql.org/about/news/1772 https://access.redhat.com/security/cve/CVE-2017-7548 https://bugzilla.redhat.com/show_bug.cgi?id=1477187 • CWE-862: Missing Authorization •
CVE-2016-0768
https://notcve.org/view.php?id=CVE-2016-0768
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. PL/Java posterior a la versión 9.0 de PostgreSQL, no respeta los controles de acceso en objetos grandes. • https://tada.github.io/pljava/releasenotes.html • CWE-284: Improper Access Control •