Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
DB:POSTGRESQL-POLICY-BYPASS |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
DB |
Keywords |
PostgreSQL Database Core Server Client Policy Bypass |
Release Date |
2017/08/29 |
Update Number |
2984 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
DB: PostgreSQL Database Core Server Client Policy Bypass
A security policy bypass vulnerability has been reported in PostgreSQL database server. A remote attacker could send maliciously crafted requests to a vulnerable server. A successful exploitation may result in unauthorized access or modification of data between the client and server.
Extended Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
Affected Products
- Debian debian_linux 9.0
- Postgresql postgresql 9.2
- Postgresql postgresql 9.2.1
- Postgresql postgresql 9.2.10
- Postgresql postgresql 9.2.11
- Postgresql postgresql 9.2.12
- Postgresql postgresql 9.2.13
- Postgresql postgresql 9.2.14
- Postgresql postgresql 9.2.15
- Postgresql postgresql 9.2.16
- Postgresql postgresql 9.2.17
- Postgresql postgresql 9.2.18
- Postgresql postgresql 9.2.19
- Postgresql postgresql 9.2.2
- Postgresql postgresql 9.2.20
- Postgresql postgresql 9.2.21
- Postgresql postgresql 9.2.3
- Postgresql postgresql 9.2.4
- Postgresql postgresql 9.2.5
- Postgresql postgresql 9.2.6
- Postgresql postgresql 9.2.7
- Postgresql postgresql 9.2.8
- Postgresql postgresql 9.2.9
- Postgresql postgresql 9.3
- Postgresql postgresql 9.3.1
- Postgresql postgresql 9.3.10
- Postgresql postgresql 9.3.11
- Postgresql postgresql 9.3.12
- Postgresql postgresql 9.3.13
- Postgresql postgresql 9.3.14
- Postgresql postgresql 9.3.15
- Postgresql postgresql 9.3.16
- Postgresql postgresql 9.3.17
- Postgresql postgresql 9.3.2
- Postgresql postgresql 9.3.3
- Postgresql postgresql 9.3.4
- Postgresql postgresql 9.3.5
- Postgresql postgresql 9.3.6
- Postgresql postgresql 9.3.7
- Postgresql postgresql 9.3.8
- Postgresql postgresql 9.3.9
- Postgresql postgresql 9.4
- Postgresql postgresql 9.4.1
- Postgresql postgresql 9.4.10
- Postgresql postgresql 9.4.11
- Postgresql postgresql 9.4.12
- Postgresql postgresql 9.4.2
- Postgresql postgresql 9.4.3
- Postgresql postgresql 9.4.4
- Postgresql postgresql 9.4.5
- Postgresql postgresql 9.4.6
- Postgresql postgresql 9.4.7
- Postgresql postgresql 9.4.8
- Postgresql postgresql 9.4.9
- Postgresql postgresql 9.5
- Postgresql postgresql 9.5.1
- Postgresql postgresql 9.5.2
- Postgresql postgresql 9.5.3
- Postgresql postgresql 9.5.4
- Postgresql postgresql 9.5.5
- Postgresql postgresql 9.5.6
- Postgresql postgresql 9.5.7
- Postgresql postgresql 9.6
- Postgresql postgresql 9.6.1
- Postgresql postgresql 9.6.2
- Postgresql postgresql 9.6.3
References
- BugTraq: 100278
- CVE: CVE-2017-7546