CVE-2017-7548
postgresql: lo_put() function ignores ACLs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
PostgreSQL en sus versiones anteriores a 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que atacantes remotos sin privilegios sobre un gran objeto sobreescriban todo el contenido del objeto. Esto resultaría en una denegación de servicio.
An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service.
Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-08-10 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100276 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039142 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3935 | 2023-05-16 | |
| http://www.debian.org/security/2017/dsa-3936 | 2023-05-16 | |
| https://access.redhat.com/errata/RHSA-2017:2677 | 2023-05-16 | |
| https://access.redhat.com/errata/RHSA-2017:2678 | 2023-05-16 | |
| https://security.gentoo.org/glsa/201710-06 | 2023-05-16 | |
| https://www.postgresql.org/about/news/1772 | 2023-05-16 | |
| https://access.redhat.com/security/cve/CVE-2017-7548 | 2017-09-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1477187 | 2017-09-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.4 < 9.4.13 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.4 < 9.4.13" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.5 < 9.5.8 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.5 < 9.5.8" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.6 < 9.6.4 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.6 < 9.6.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||