CVE-2017-7486: Infoleak
First published: Thu May 04 2017(Updated: )
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <9.2.21 | 9.2.21 |
| redhat/postgresql | <9.3.17 | 9.3.17 |
| redhat/postgresql | <9.4.12 | 9.4.12 |
| redhat/postgresql | <9.5.7 | 9.5.7 |
| redhat/postgresql | <9.6.3 | 9.6.3 |
| PostgreSQL Common | =8.4 | |
| PostgreSQL Common | =8.4.1 | |
| PostgreSQL Common | =8.4.2 | |
| PostgreSQL Common | =8.4.3 | |
| PostgreSQL Common | =8.4.4 | |
| PostgreSQL Common | =8.4.5 | |
| PostgreSQL Common | =8.4.6 | |
| PostgreSQL Common | =8.4.7 | |
| PostgreSQL Common | =8.4.8 | |
| PostgreSQL Common | =8.4.9 | |
| PostgreSQL Common | =8.4.10 | |
| PostgreSQL Common | =8.4.11 | |
| PostgreSQL Common | =8.4.12 | |
| PostgreSQL Common | =8.4.13 | |
| PostgreSQL Common | =8.4.14 | |
| PostgreSQL Common | =8.4.15 | |
| PostgreSQL Common | =8.4.16 | |
| PostgreSQL Common | =8.4.17 | |
| PostgreSQL Common | =8.4.18 | |
| PostgreSQL Common | =8.4.19 | |
| PostgreSQL Common | =8.4.20 | |
| PostgreSQL Common | =8.4.21 | |
| PostgreSQL Common | =8.4.22 | |
| PostgreSQL Common | =9.0 | |
| PostgreSQL Common | =9.0.1 | |
| PostgreSQL Common | =9.0.2 | |
| PostgreSQL Common | =9.0.3 | |
| PostgreSQL Common | =9.0.4 | |
| PostgreSQL Common | =9.0.5 | |
| PostgreSQL Common | =9.0.6 | |
| PostgreSQL Common | =9.0.7 | |
| PostgreSQL Common | =9.0.8 | |
| PostgreSQL Common | =9.0.9 | |
| PostgreSQL Common | =9.0.10 | |
| PostgreSQL Common | =9.0.11 | |
| PostgreSQL Common | =9.0.12 | |
| PostgreSQL Common | =9.0.13 | |
| PostgreSQL Common | =9.0.14 | |
| PostgreSQL Common | =9.0.15 | |
| PostgreSQL Common | =9.0.16 | |
| PostgreSQL Common | =9.0.17 | |
| PostgreSQL Common | =9.0.18 | |
| PostgreSQL Common | =9.0.19 | |
| PostgreSQL Common | =9.0.20 | |
| PostgreSQL Common | =9.0.21 | |
| PostgreSQL Common | =9.0.22 | |
| PostgreSQL Common | =9.0.23 | |
| PostgreSQL Common | =9.1 | |
| PostgreSQL Common | =9.1.1 | |
| PostgreSQL Common | =9.1.2 | |
| PostgreSQL Common | =9.1.3 | |
| PostgreSQL Common | =9.1.4 | |
| PostgreSQL Common | =9.1.5 | |
| PostgreSQL Common | =9.1.6 | |
| PostgreSQL Common | =9.1.7 | |
| PostgreSQL Common | =9.1.8 | |
| PostgreSQL Common | =9.1.9 | |
| PostgreSQL Common | =9.1.10 | |
| PostgreSQL Common | =9.1.11 | |
| PostgreSQL Common | =9.1.12 | |
| PostgreSQL Common | =9.1.13 | |
| PostgreSQL Common | =9.1.14 | |
| PostgreSQL Common | =9.1.15 | |
| PostgreSQL Common | =9.1.16 | |
| PostgreSQL Common | =9.1.17 | |
| PostgreSQL Common | =9.1.18 | |
| PostgreSQL Common | =9.1.19 | |
| PostgreSQL Common | =9.1.20 | |
| PostgreSQL Common | =9.1.21 | |
| PostgreSQL Common | =9.1.22 | |
| PostgreSQL Common | =9.1.23 | |
| PostgreSQL Common | =9.1.24 | |
| PostgreSQL Common | =9.2 | |
| PostgreSQL Common | =9.2.1 | |
| PostgreSQL Common | =9.2.2 | |
| PostgreSQL Common | =9.2.3 | |
| PostgreSQL Common | =9.2.4 | |
| PostgreSQL Common | =9.2.5 | |
| PostgreSQL Common | =9.2.6 | |
| PostgreSQL Common | =9.2.7 | |
| PostgreSQL Common | =9.2.8 | |
| PostgreSQL Common | =9.2.9 | |
| PostgreSQL Common | =9.2.10 | |
| PostgreSQL Common | =9.2.11 | |
| PostgreSQL Common | =9.2.12 | |
| PostgreSQL Common | =9.2.13 | |
| PostgreSQL Common | =9.2.14 | |
| PostgreSQL Common | =9.2.15 | |
| PostgreSQL Common | =9.2.16 | |
| PostgreSQL Common | =9.2.17 | |
| PostgreSQL Common | =9.2.18 | |
| PostgreSQL Common | =9.2.19 | |
| PostgreSQL Common | =9.2.20 | |
| PostgreSQL Common | =9.2.21 | |
| PostgreSQL Common | =9.3 | |
| PostgreSQL Common | =9.3.1 | |
| PostgreSQL Common | =9.3.2 | |
| PostgreSQL Common | =9.3.3 | |
| PostgreSQL Common | =9.3.4 | |
| PostgreSQL Common | =9.3.5 | |
| PostgreSQL Common | =9.3.6 | |
| PostgreSQL Common | =9.3.7 | |
| PostgreSQL Common | =9.3.8 | |
| PostgreSQL Common | =9.3.9 | |
| PostgreSQL Common | =9.3.10 | |
| PostgreSQL Common | =9.3.11 | |
| PostgreSQL Common | =9.3.12 | |
| PostgreSQL Common | =9.3.13 | |
| PostgreSQL Common | =9.3.14 | |
| PostgreSQL Common | =9.3.15 | |
| PostgreSQL Common | =9.3.16 | |
| PostgreSQL Common | =9.3.17 | |
| PostgreSQL Common | =9.4 | |
| PostgreSQL Common | =9.4.1 | |
| PostgreSQL Common | =9.4.2 | |
| PostgreSQL Common | =9.4.3 | |
| PostgreSQL Common | =9.4.4 | |
| PostgreSQL Common | =9.4.5 | |
| PostgreSQL Common | =9.4.6 | |
| PostgreSQL Common | =9.4.7 | |
| PostgreSQL Common | =9.4.8 | |
| PostgreSQL Common | =9.4.9 | |
| PostgreSQL Common | =9.4.10 | |
| PostgreSQL Common | =9.4.11 | |
| PostgreSQL Common | =9.4.12 | |
| PostgreSQL Common | =9.5 | |
| PostgreSQL Common | =9.5.1 | |
| PostgreSQL Common | =9.5.2 | |
| PostgreSQL Common | =9.5.3 | |
| PostgreSQL Common | =9.5.4 | |
| PostgreSQL Common | =9.5.5 | |
| PostgreSQL Common | =9.5.6 | |
| PostgreSQL Common | =9.5.7 | |
| PostgreSQL Common | =9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-3851
- http://www.securityfocus.com/bid/98460
- http://www.securitytracker.com/id/1038476
- https://access.redhat.com/errata/RHSA-2017:1677
- https://access.redhat.com/errata/RHSA-2017:1678
- https://access.redhat.com/errata/RHSA-2017:1838
- https://access.redhat.com/errata/RHSA-2017:1983
- https://access.redhat.com/errata/RHSA-2017:2425
- https://security.gentoo.org/glsa/201710-06
- https://www.postgresql.org/about/news/1746/
- https://github.com/postgres/postgres/commit/3eefc51053f
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1450116
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1450117
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1450115
- https://bugzilla.redhat.com/show_bug.cgi?id=1448089
Frequently Asked Questions
What is the severity of CVE-2017-7486?
CVE-2017-7486 has been classified as a moderate severity vulnerability affecting PostgreSQL.
How do I fix CVE-2017-7486?
To fix CVE-2017-7486, you need to upgrade PostgreSQL to version 9.2.21 or later, 9.3.17 or later, 9.4.12 or later, 9.5.7 or later, or 9.6.3 or later.
Which versions of PostgreSQL are affected by CVE-2017-7486?
CVE-2017-7486 affects PostgreSQL versions 8.4 through 9.6.
What does CVE-2017-7486 vulnerability expose?
CVE-2017-7486 exposes foreign server passwords through the pg_user_mappings view to any user with USAGE privilege on the foreign server.
Is CVE-2017-7486 still a risk if running a supported version of PostgreSQL?
If running a version of PostgreSQL that has been updated to the recommended releases, CVE-2017-7486 should no longer pose a risk.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7486
- agent/software-canonical-lookup
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/8.4
- version/postgresql common/8.4.1
- version/postgresql common/8.4.2
- version/postgresql common/8.4.3
- version/postgresql common/8.4.4
- version/postgresql common/8.4.5
- version/postgresql common/8.4.6
- version/postgresql common/8.4.7
- version/postgresql common/8.4.8
- version/postgresql common/8.4.9
- version/postgresql common/8.4.10
- version/postgresql common/8.4.11
- version/postgresql common/8.4.12
- version/postgresql common/8.4.13
- version/postgresql common/8.4.14
- version/postgresql common/8.4.15
- version/postgresql common/8.4.16
- version/postgresql common/8.4.17
- version/postgresql common/8.4.18
- version/postgresql common/8.4.19
- version/postgresql common/8.4.20
- version/postgresql common/8.4.21
- version/postgresql common/8.4.22
- version/postgresql common/9.0
- version/postgresql common/9.0.1
- version/postgresql common/9.0.2
- version/postgresql common/9.0.3
- version/postgresql common/9.0.4
- version/postgresql common/9.0.5
- version/postgresql common/9.0.6
- version/postgresql common/9.0.7
- version/postgresql common/9.0.8
- version/postgresql common/9.0.9
- version/postgresql common/9.0.10
- version/postgresql common/9.0.11
- version/postgresql common/9.0.12
- version/postgresql common/9.0.13
- version/postgresql common/9.0.14
- version/postgresql common/9.0.15
- version/postgresql common/9.0.16
- version/postgresql common/9.0.17
- version/postgresql common/9.0.18
- version/postgresql common/9.0.19
- version/postgresql common/9.0.20
- version/postgresql common/9.0.21
- version/postgresql common/9.0.22
- version/postgresql common/9.0.23
- version/postgresql common/9.1
- version/postgresql common/9.1.1
- version/postgresql common/9.1.2
- version/postgresql common/9.1.3
- version/postgresql common/9.1.4
- version/postgresql common/9.1.5
- version/postgresql common/9.1.6
- version/postgresql common/9.1.7
- version/postgresql common/9.1.8
- version/postgresql common/9.1.9
- version/postgresql common/9.1.10
- version/postgresql common/9.1.11
- version/postgresql common/9.1.12
- version/postgresql common/9.1.13
- version/postgresql common/9.1.14
- version/postgresql common/9.1.15
- version/postgresql common/9.1.16
- version/postgresql common/9.1.17
- version/postgresql common/9.1.18
- version/postgresql common/9.1.19
- version/postgresql common/9.1.20
- version/postgresql common/9.1.21
- version/postgresql common/9.1.22
- version/postgresql common/9.1.23
- version/postgresql common/9.1.24
- version/postgresql common/9.2
- version/postgresql common/9.2.1
- version/postgresql common/9.2.2
- version/postgresql common/9.2.3
- version/postgresql common/9.2.4
- version/postgresql common/9.2.5
- version/postgresql common/9.2.6
- version/postgresql common/9.2.7
- version/postgresql common/9.2.8
- version/postgresql common/9.2.9
- version/postgresql common/9.2.10
- version/postgresql common/9.2.11
- version/postgresql common/9.2.12
- version/postgresql common/9.2.13
- version/postgresql common/9.2.14
- version/postgresql common/9.2.15
- version/postgresql common/9.2.16
- version/postgresql common/9.2.17
- version/postgresql common/9.2.18
- version/postgresql common/9.2.19
- version/postgresql common/9.2.20
- version/postgresql common/9.2.21
- version/postgresql common/9.3
- version/postgresql common/9.3.1
- version/postgresql common/9.3.2
- version/postgresql common/9.3.3
- version/postgresql common/9.3.4
- version/postgresql common/9.3.5
- version/postgresql common/9.3.6
- version/postgresql common/9.3.7
- version/postgresql common/9.3.8
- version/postgresql common/9.3.9
- version/postgresql common/9.3.10
- version/postgresql common/9.3.11
- version/postgresql common/9.3.12
- version/postgresql common/9.3.13
- version/postgresql common/9.3.14
- version/postgresql common/9.3.15
- version/postgresql common/9.3.16
- version/postgresql common/9.3.17
- version/postgresql common/9.4
- version/postgresql common/9.4.1
- version/postgresql common/9.4.2
- version/postgresql common/9.4.3
- version/postgresql common/9.4.4
- version/postgresql common/9.4.5
- version/postgresql common/9.4.6
- version/postgresql common/9.4.7
- version/postgresql common/9.4.8
- version/postgresql common/9.4.9
- version/postgresql common/9.4.10
- version/postgresql common/9.4.11
- version/postgresql common/9.4.12
- version/postgresql common/9.5
- version/postgresql common/9.5.1
- version/postgresql common/9.5.2
- version/postgresql common/9.5.3
- version/postgresql common/9.5.4
- version/postgresql common/9.5.5
- version/postgresql common/9.5.6
- version/postgresql common/9.5.7
- version/postgresql common/9.6