ID CVE-2017-7486
Summary PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
References
Vulnerable Configurations
  • PostgreSQL 8.4
    cpe:2.3:a:postgresql:postgresql:8.4
  • PostgreSQL 8.4.1
    cpe:2.3:a:postgresql:postgresql:8.4.1
  • PostgreSQL 8.4.2
    cpe:2.3:a:postgresql:postgresql:8.4.2
  • PostgreSQL 8.4.3
    cpe:2.3:a:postgresql:postgresql:8.4.3
  • PostgreSQL 8.4.4
    cpe:2.3:a:postgresql:postgresql:8.4.4
  • PostgreSQL 8.4.5
    cpe:2.3:a:postgresql:postgresql:8.4.5
  • PostgreSQL 8.4.6
    cpe:2.3:a:postgresql:postgresql:8.4.6
  • PostgreSQL 8.4.7
    cpe:2.3:a:postgresql:postgresql:8.4.7
  • PostgreSQL 8.4.8
    cpe:2.3:a:postgresql:postgresql:8.4.8
  • PostgreSQL 8.4.9
    cpe:2.3:a:postgresql:postgresql:8.4.9
  • PostgreSQL 8.4.10
    cpe:2.3:a:postgresql:postgresql:8.4.10
  • PostgreSQL 8.4.11
    cpe:2.3:a:postgresql:postgresql:8.4.11
  • PostgreSQL 8.4.12
    cpe:2.3:a:postgresql:postgresql:8.4.12
  • PostgreSQL 8.4.13
    cpe:2.3:a:postgresql:postgresql:8.4.13
  • PostgreSQL 8.4.14
    cpe:2.3:a:postgresql:postgresql:8.4.14
  • PostgreSQL 8.4.15
    cpe:2.3:a:postgresql:postgresql:8.4.15
  • PostgreSQL 8.4.16
    cpe:2.3:a:postgresql:postgresql:8.4.16
  • PostgreSQL 8.4.17
    cpe:2.3:a:postgresql:postgresql:8.4.17
  • PostgreSQL 8.4.18
    cpe:2.3:a:postgresql:postgresql:8.4.18
  • PostgreSQL 8.4.19
    cpe:2.3:a:postgresql:postgresql:8.4.19
  • PostgreSQL 8.4.20
    cpe:2.3:a:postgresql:postgresql:8.4.20
  • PostgreSQL 8.4.21
    cpe:2.3:a:postgresql:postgresql:8.4.21
  • PostgreSQL 8.4.22
    cpe:2.3:a:postgresql:postgresql:8.4.22
  • PostgreSQL 9.0
    cpe:2.3:a:postgresql:postgresql:9.0
  • PostgreSQL 9.0.1
    cpe:2.3:a:postgresql:postgresql:9.0.1
  • PostgreSQL 9.0.2
    cpe:2.3:a:postgresql:postgresql:9.0.2
  • PostgreSQL 9.0.3
    cpe:2.3:a:postgresql:postgresql:9.0.3
  • PostgreSQL 9.0.4
    cpe:2.3:a:postgresql:postgresql:9.0.4
  • PostgreSQL 9.0.5
    cpe:2.3:a:postgresql:postgresql:9.0.5
  • PostgreSQL 9.0.6
    cpe:2.3:a:postgresql:postgresql:9.0.6
  • PostgreSQL 9.0.7
    cpe:2.3:a:postgresql:postgresql:9.0.7
  • PostgreSQL 9.0.8
    cpe:2.3:a:postgresql:postgresql:9.0.8
  • PostgreSQL 9.0.9
    cpe:2.3:a:postgresql:postgresql:9.0.9
  • PostgreSQL 9.0.10
    cpe:2.3:a:postgresql:postgresql:9.0.10
  • PostgreSQL 9.0.11
    cpe:2.3:a:postgresql:postgresql:9.0.11
  • PostgreSQL 9.0.12
    cpe:2.3:a:postgresql:postgresql:9.0.12
  • PostgreSQL 9.0.13
    cpe:2.3:a:postgresql:postgresql:9.0.13
  • PostgreSQL 9.0.14
    cpe:2.3:a:postgresql:postgresql:9.0.14
  • PostgreSQL 9.0.15
    cpe:2.3:a:postgresql:postgresql:9.0.15
  • PostgreSQL 9.0.16
    cpe:2.3:a:postgresql:postgresql:9.0.16
  • PostgreSQL 9.0.17
    cpe:2.3:a:postgresql:postgresql:9.0.17
  • PostgreSQL 9.0.18
    cpe:2.3:a:postgresql:postgresql:9.0.18
  • PostgreSQL 9.0.19
    cpe:2.3:a:postgresql:postgresql:9.0.19
  • PostgreSQL 9.0.20
    cpe:2.3:a:postgresql:postgresql:9.0.20
  • PostgreSQL 9.0.21
    cpe:2.3:a:postgresql:postgresql:9.0.21
  • PostgreSQL 9.0.22
    cpe:2.3:a:postgresql:postgresql:9.0.22
  • PostgreSQL 9.0.23
    cpe:2.3:a:postgresql:postgresql:9.0.23
  • PostgreSQL 9.1
    cpe:2.3:a:postgresql:postgresql:9.1
  • PostgreSQL 9.1.1
    cpe:2.3:a:postgresql:postgresql:9.1.1
  • PostgreSQL 9.1.2
    cpe:2.3:a:postgresql:postgresql:9.1.2
  • PostgreSQL 9.1.3
    cpe:2.3:a:postgresql:postgresql:9.1.3
  • PostgreSQL 9.1.4
    cpe:2.3:a:postgresql:postgresql:9.1.4
  • PostgreSQL 9.1.5
    cpe:2.3:a:postgresql:postgresql:9.1.5
  • PostgreSQL 9.1.6
    cpe:2.3:a:postgresql:postgresql:9.1.6
  • PostgreSQL 9.1.7
    cpe:2.3:a:postgresql:postgresql:9.1.7
  • PostgreSQL 9.1.8
    cpe:2.3:a:postgresql:postgresql:9.1.8
  • PostgreSQL 9.1.9
    cpe:2.3:a:postgresql:postgresql:9.1.9
  • PostgreSQL 9.1.10
    cpe:2.3:a:postgresql:postgresql:9.1.10
  • PostgreSQL 9.1.11
    cpe:2.3:a:postgresql:postgresql:9.1.11
  • PostgreSQL 9.1.12
    cpe:2.3:a:postgresql:postgresql:9.1.12
  • PostgreSQL 9.1.13
    cpe:2.3:a:postgresql:postgresql:9.1.13
  • PostgreSQL 9.1.14
    cpe:2.3:a:postgresql:postgresql:9.1.14
  • PostgreSQL 9.1.15
    cpe:2.3:a:postgresql:postgresql:9.1.15
  • PostgreSQL 9.1.16
    cpe:2.3:a:postgresql:postgresql:9.1.16
  • PostgreSQL 9.1.17
    cpe:2.3:a:postgresql:postgresql:9.1.17
  • PostgreSQL 9.1.18
    cpe:2.3:a:postgresql:postgresql:9.1.18
  • PostgreSQL 9.1.19
    cpe:2.3:a:postgresql:postgresql:9.1.19
  • PostgreSQL 9.1.20
    cpe:2.3:a:postgresql:postgresql:9.1.20
  • PostgreSQL 9.1.21
    cpe:2.3:a:postgresql:postgresql:9.1.21
  • PostgreSQL 9.1.22
    cpe:2.3:a:postgresql:postgresql:9.1.22
  • PostgreSQL 9.1.23
    cpe:2.3:a:postgresql:postgresql:9.1.23
  • PostgreSQL 9.1.24
    cpe:2.3:a:postgresql:postgresql:9.1.24
  • PostgreSQL 9.2
    cpe:2.3:a:postgresql:postgresql:9.2
  • PostgreSQL 9.2.1
    cpe:2.3:a:postgresql:postgresql:9.2.1
  • PostgreSQL 9.2.2
    cpe:2.3:a:postgresql:postgresql:9.2.2
  • PostgreSQL 9.2.3
    cpe:2.3:a:postgresql:postgresql:9.2.3
  • PostgreSQL 9.2.4
    cpe:2.3:a:postgresql:postgresql:9.2.4
  • PostgreSQL 9.2.5
    cpe:2.3:a:postgresql:postgresql:9.2.5
  • PostgreSQL 9.2.6
    cpe:2.3:a:postgresql:postgresql:9.2.6
  • PostgreSQL 9.2.7
    cpe:2.3:a:postgresql:postgresql:9.2.7
  • PostgreSQL 9.2.8
    cpe:2.3:a:postgresql:postgresql:9.2.8
  • PostgreSQL 9.2.9
    cpe:2.3:a:postgresql:postgresql:9.2.9
  • PostgreSQL 9.2.10
    cpe:2.3:a:postgresql:postgresql:9.2.10
  • PostgreSQL 9.2.11
    cpe:2.3:a:postgresql:postgresql:9.2.11
  • PostgreSQL 9.2.12
    cpe:2.3:a:postgresql:postgresql:9.2.12
  • PostgreSQL 9.2.13
    cpe:2.3:a:postgresql:postgresql:9.2.13
  • PostgreSQL 9.2.14
    cpe:2.3:a:postgresql:postgresql:9.2.14
  • PostgreSQL 9.2.15
    cpe:2.3:a:postgresql:postgresql:9.2.15
  • PostgreSQL 9.2.16
    cpe:2.3:a:postgresql:postgresql:9.2.16
  • PostgreSQL 9.2.17
    cpe:2.3:a:postgresql:postgresql:9.2.17
  • PostgreSQL 9.2.18
    cpe:2.3:a:postgresql:postgresql:9.2.18
  • PostgreSQL 9.2.19
    cpe:2.3:a:postgresql:postgresql:9.2.19
  • PostgreSQL 9.2.20
    cpe:2.3:a:postgresql:postgresql:9.2.20
  • PostgreSQL 9.2.21
    cpe:2.3:a:postgresql:postgresql:9.2.21
  • PostgreSQL 9.3
    cpe:2.3:a:postgresql:postgresql:9.3
  • PostgreSQL 9.3.1
    cpe:2.3:a:postgresql:postgresql:9.3.1
  • PostgreSQL 9.3.2
    cpe:2.3:a:postgresql:postgresql:9.3.2
  • PostgreSQL 9.3.3
    cpe:2.3:a:postgresql:postgresql:9.3.3
  • PostgreSQL 9.3.4
    cpe:2.3:a:postgresql:postgresql:9.3.4
  • PostgreSQL 9.3.5
    cpe:2.3:a:postgresql:postgresql:9.3.5
  • PostgreSQL 9.3.6
    cpe:2.3:a:postgresql:postgresql:9.3.6
  • PostgreSQL 9.3.7
    cpe:2.3:a:postgresql:postgresql:9.3.7
  • PostgreSQL 9.3.8
    cpe:2.3:a:postgresql:postgresql:9.3.8
  • PostgreSQL 9.3.9
    cpe:2.3:a:postgresql:postgresql:9.3.9
  • PostgreSQL 9.3.10
    cpe:2.3:a:postgresql:postgresql:9.3.10
  • PostgreSQL 9.3.11
    cpe:2.3:a:postgresql:postgresql:9.3.11
  • PostgreSQL 9.3.12
    cpe:2.3:a:postgresql:postgresql:9.3.12
  • PostgreSQL 9.3.13
    cpe:2.3:a:postgresql:postgresql:9.3.13
  • PostgreSQL 9.3.14
    cpe:2.3:a:postgresql:postgresql:9.3.14
  • PostgreSQL 9.3.15
    cpe:2.3:a:postgresql:postgresql:9.3.15
  • PostgreSQL 9.3.16
    cpe:2.3:a:postgresql:postgresql:9.3.16
  • PostgreSQL 9.3.17
    cpe:2.3:a:postgresql:postgresql:9.3.17
  • PostgreSQL 9.4
    cpe:2.3:a:postgresql:postgresql:9.4
  • PostgreSQL 9.4.1
    cpe:2.3:a:postgresql:postgresql:9.4.1
  • PostgreSQL 9.4.2
    cpe:2.3:a:postgresql:postgresql:9.4.2
  • PostgreSQL 9.4.3
    cpe:2.3:a:postgresql:postgresql:9.4.3
  • PostgreSQL 9.4.4
    cpe:2.3:a:postgresql:postgresql:9.4.4
  • PostgreSQL 9.4.5
    cpe:2.3:a:postgresql:postgresql:9.4.5
  • PostgreSQL 9.4.6
    cpe:2.3:a:postgresql:postgresql:9.4.6
  • PostgreSQL 9.4.7
    cpe:2.3:a:postgresql:postgresql:9.4.7
  • PostgreSQL 9.4.8
    cpe:2.3:a:postgresql:postgresql:9.4.8
  • PostgreSQL 9.4.9
    cpe:2.3:a:postgresql:postgresql:9.4.9
  • PostgreSQL 9.4.10
    cpe:2.3:a:postgresql:postgresql:9.4.10
  • PostgreSQL 9.4.11
    cpe:2.3:a:postgresql:postgresql:9.4.11
  • PostgreSQL 9.4.12
    cpe:2.3:a:postgresql:postgresql:9.4.12
  • PostgreSQL 9.5
    cpe:2.3:a:postgresql:postgresql:9.5
  • PostgreSQL 9.5.1
    cpe:2.3:a:postgresql:postgresql:9.5.1
  • PostgreSQL 9.5.2
    cpe:2.3:a:postgresql:postgresql:9.5.2
  • PostgreSQL 9.5.3
    cpe:2.3:a:postgresql:postgresql:9.5.3
  • PostgreSQL 9.5.4
    cpe:2.3:a:postgresql:postgresql:9.5.4
  • PostgreSQL 9.5.5
    cpe:2.3:a:postgresql:postgresql:9.5.5
  • PostgreSQL 9.5.6
    cpe:2.3:a:postgresql:postgresql:9.5.6
  • PostgreSQL 9.5.7
    cpe:2.3:a:postgresql:postgresql:9.5.7
  • PostgreSQL 9.6
    cpe:2.3:a:postgresql:postgresql:9.6
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_POSTGRESQL_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: postgresql (9.2.21). Security Fix(es) : - It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) - It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)
    last seen 2017-10-29
    modified 2017-08-22
    plugin id 102653
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102653
    title Scientific Linux Security Update : postgresql on SL7.x x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-839.NASL
    description Selectivity estimators bypass SELECT privilege checks: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) libpq ignores PGREQUIRESSL environment variable: It was found that the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) pg_user_mappings view discloses foreign server passwords: It was found that the pg_user_mappings view from postgresql could disclose information about user mappings to a foreign database to unprivileged users. An authenticated attacker with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100640
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100640
    title Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2017-839)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1215.NASL
    description According to the versions of the posrgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) - It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-09-11
    plugin id 103073
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103073
    title EulerOS 2.0 SP1 : posrgresql (EulerOS-SA-2017-1215)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-657.NASL
    description This update for postgresql93 fixes the following issues : The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100659
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100659
    title openSUSE Security Update : postgresql93 (openSUSE-2017-657)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1983.NASL
    description An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.21). (BZ#1449706) Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; and Andrew Wheelwright as the original reporter of CVE-2017-7486. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 102108
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102108
    title RHEL 7 : postgresql (RHSA-2017:1983)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1838.NASL
    description An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 102142
    published 2017-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102142
    title RHEL 5 : rh-postgresql95-postgresql (RHSA-2017:1838)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1051.NASL
    description Several vulnerabilities have been found in the PostgreSQL database system : CVE-2017-7486: Andrew Wheelwright discovered that user mappings were insufficiently restricted. CVE-2017-7546: In some authentication methods empty passwords were accepted. CVE-2017-7547: User mappings could leak data to unprivileged users. For Debian 7 'Wheezy', these problems have been fixed in version 9.1.24lts2-0+deb7u1. We recommend that you upgrade your postgresql-9.1 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-29
    plugin id 102368
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102368
    title Debian DLA-1051-1 : postgresql-9.1 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-770.NASL
    description This update for postgresql94 to 9.4.12 fixes the following issues : Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases. See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 101220
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101220
    title openSUSE Security Update : postgresql94 (openSUSE-2017-770)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1783-1.NASL
    description This update for postgresql93 fixes the following issues : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 101260
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101260
    title SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1441-1.NASL
    description This update for postgresql93 fixes the following issues: The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Bug fixes : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100538
    published 2017-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100538
    title SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2017:1441-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-06 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could escalate privileges, cause a Denial of Service condition, obtain passwords, cause a loss in information, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2017-10-10
    plugin id 103724
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103724
    title GLSA-201710-06 : PostgreSQL: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1983.NASL
    description An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.21). (BZ#1449706) Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; and Andrew Wheelwright as the original reporter of CVE-2017-7486. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-08-25
    plugin id 102747
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102747
    title CentOS 7 : postgresql (CESA-2017:1983)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1983.NASL
    description From Red Hat Security Advisory 2017:1983 : An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.21). (BZ#1449706) Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; and Andrew Wheelwright as the original reporter of CVE-2017-7486. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 102292
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102292
    title Oracle Linux 7 : postgresql (ELSA-2017-1983)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-838.NASL
    description Selectivity estimators bypass SELECT privilege checks: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) pg_user_mappings view discloses foreign server passwords: It was found that the pg_user_mappings view from postgresql could disclose information about user mappings to a foreign database to unprivileged users. An authenticated attacker with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100639
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100639
    title Amazon Linux AMI : postgresql92 (ALAS-2017-838)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1216.NASL
    description According to the versions of the posrgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) - It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-09-11
    plugin id 103074
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103074
    title EulerOS 2.0 SP2 : posrgresql (EulerOS-SA-2017-1216)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-0D5817EFC0.NASL
    description Fixes CVE-2017-7484 CVE-2017-7485 CVE-2017-7486. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 101572
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101572
    title Fedora 26 : mingw-postgresql (2017-0d5817efc0)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1690-1.NASL
    description This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases. See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 101060
    published 2017-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101060
    title SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2017:1690-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3851.NASL
    description Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. - CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable no longer enforced a TLS connection. - CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted.
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100165
    published 2017-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100165
    title Debian DSA-3851-1 : postgresql-9.4 - security update
  • NASL family Databases
    NASL id POSTGRESQL_20170511.NASL
    description The version of PostgreSQL installed on the remote host is 9.2.x prior to 9.2.21, 9.3.x prior to 9.3.17, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.7, or 9.6.x prior to 9.6.3. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in unspecified selectivity estimation functions due to improper checking of user privileges before providing information from pg_statistics. An authenticated, remote attacker can exploit this to disclose potentially sensitive information from restricted tables. (CVE-2017-7484) - A flaw exists because the PGREQUIRESSL environment variable setting is not properly honored, which results in a failure to require appropriate SSL/TLS connections. A man-in-the-middle attacker can exploit this to cause an insecure, non-SSL/TLS connection between a client and a server. Note that version 9.2.x is not affected by this vulnerability. (CVE-2017-7485) - An information disclosure vulnerability exists in the pg_user_mappings view that allows access to user mappings which may contain passwords that have persisted from the CREATE USER MAPPING command. An authenticated, remote attacker who has USAGE privilege on the associated foreign server can exploit this to disclose foreign server passwords. (CVE-2017-7486)
    last seen 2017-10-29
    modified 2017-08-18
    plugin id 100260
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100260
    title PostgreSQL 9.2.x < 9.2.21 / 9.3.x < 9.3.17 / 9.4.x < 9.4.12 / 9.5.x < 9.5.7 / 9.6.x < 9.6.3 Multiple Vulnerabilities
redhat via4
advisories
bugzilla
id 1448089
title CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment postgresql is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983015
      • comment postgresql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908006
    • AND
      • comment postgresql-contrib is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983023
      • comment postgresql-contrib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908014
    • AND
      • comment postgresql-devel is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983011
      • comment postgresql-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908010
    • AND
      • comment postgresql-docs is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983017
      • comment postgresql-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908016
    • AND
      • comment postgresql-libs is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983009
      • comment postgresql-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908024
    • AND
      • comment postgresql-plperl is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983027
      • comment postgresql-plperl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908022
    • AND
      • comment postgresql-plpython is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983007
      • comment postgresql-plpython is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908018
    • AND
      • comment postgresql-pltcl is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983013
      • comment postgresql-pltcl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908020
    • AND
      • comment postgresql-server is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983005
      • comment postgresql-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908012
    • AND
      • comment postgresql-static is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983025
      • comment postgresql-static is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171983026
    • AND
      • comment postgresql-test is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983019
      • comment postgresql-test is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100908008
    • AND
      • comment postgresql-upgrade is earlier than 0:9.2.21-1.el7
        oval oval:com.redhat.rhsa:tst:20171983021
      • comment postgresql-upgrade is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150750037
rhsa
id RHSA-2017:1983
released 2017-08-01
severity Moderate
title RHSA-2017:1983: postgresql security and enhancement update (Moderate)
rpms
  • postgresql-0:9.2.21-1.el7
  • postgresql-contrib-0:9.2.21-1.el7
  • postgresql-devel-0:9.2.21-1.el7
  • postgresql-docs-0:9.2.21-1.el7
  • postgresql-libs-0:9.2.21-1.el7
  • postgresql-plperl-0:9.2.21-1.el7
  • postgresql-plpython-0:9.2.21-1.el7
  • postgresql-pltcl-0:9.2.21-1.el7
  • postgresql-server-0:9.2.21-1.el7
  • postgresql-static-0:9.2.21-1.el7
  • postgresql-test-0:9.2.21-1.el7
  • postgresql-upgrade-0:9.2.21-1.el7
refmap via4
bid 98460
confirm https://www.postgresql.org/about/news/1746/
debian DSA-3851
gentoo GLSA-201710-06
sectrack 1038476
Last major update 12-05-2017 - 15:29
Published 12-05-2017 - 15:29
Last modified 03-11-2017 - 21:29