Kaspersky ID:
KLA11014
Дата обнаружения:
11/05/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An incorrect check of user privileges in some selectivity estimation functions can be exploited remotely possibly to bypass security restrictions or obtain sensitive information;
  2. An issue with enforcing a SSL/TLS connection which is done by the PGREQUIRESSL environment variable can be exploited remotely possibly to bypass security restrictions or obtain sensitive information;
  3. An improper implementation of pg_user_mappings access qualifications can be exploited remotely to obtain sensitive information.

Technical details

Vulnerability (1) is related to providing information from pg_static.

NB: These vulnerabilities don’t have any public CVSS ratings so rating can be changed by the time.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2017-7484
    warning
  • CVE-2017-7485
    warning
  • CVE-2017-7486
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Узнай больше об угрозах и векторах атаки на Энциклопедии Kaspersky
Бесплатно
Читать
Kaspersky Premium
Комплексное решение для защиты вашей цифровой жизни
Премиум
Скачать
Confirm changes?
Your message has been sent successfully.