Описание
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information.
Below is a complete list of vulnerabilities:
- An improper handling of empty passwords in libpq can be exploited remotely via an empty password to bypass security (authentication) restrictions;
- An unspecified vulnerability related to the usage of the foreign data functionality can be exploited remotely to obtain sensitive information.
Technical details
Vulnerability (2) exists because all users (including those who did not have the USAGE permission on the associated foreign server) could see the options in the pg_user_mappings catalog.
Первичный источник обнаружения
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2017-7546 critical
- CVE-2017-7547 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!