PostgreSQL: three vulnerabilities
Synthesis of the vulnerability
An attacker can exploit several vulnerabilities in PostgreSQL.
Impacted products: Debian, Fedora, openSUSE Leap, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Creation date: 10/08/2017.
Identifiers: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548, DLA-1051-1, DSA-3935-1, DSA-3936-1, FEDORA-2017-9148fe36b9, FEDORA-2017-d9cac37bd8, FEDORA-2017-f9e66916ec, openSUSE-SU-2017:2306-1, openSUSE-SU-2017:2391-1, openSUSE-SU-2017:2392-1, openSUSE-SU-2018:0529-1, RHSA-2017:2677-01, RHSA-2017:2678-01, RHSA-2017:2728-01, RHSA-2017:2860-01, SUSE-SU-2017:2236-1, SUSE-SU-2017:2258-1, SUSE-SU-2017:2355-1, SUSE-SU-2017:2356-1, USN-3390-1, VIGILANCE-VUL-23493.
Description of the vulnerability
Several vulnerabilities were announced in PostgreSQL.
An attacker can bypass security features via empty passwords in libpq, in order to escalate privileges. [severity:2/4; CVE-2017-7546]
An attacker can bypass security features via pg_user_mappings.umoptions, in order to obtain sensitive information. [severity:2/4; CVE-2017-7547]
An attacker can bypass security features via lo_put(), in order to escalate privileges. [severity:2/4; CVE-2017-7548]