CVE-2017-7547
First published: Tue Aug 01 2017(Updated: )
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <9.2.22 | 9.2.22 |
| redhat/postgresql | <9.3.18 | 9.3.18 |
| redhat/postgresql | <9.4.13 | 9.4.13 |
| redhat/postgresql | <9.5.8 | 9.5.8 |
| redhat/postgresql | <9.6.4 | 9.6.4 |
| PostgreSQL PostgreSQL | =9.2 | |
| PostgreSQL PostgreSQL | =9.2.1 | |
| PostgreSQL PostgreSQL | =9.2.2 | |
| PostgreSQL PostgreSQL | =9.2.3 | |
| PostgreSQL PostgreSQL | =9.2.4 | |
| PostgreSQL PostgreSQL | =9.2.5 | |
| PostgreSQL PostgreSQL | =9.2.6 | |
| PostgreSQL PostgreSQL | =9.2.7 | |
| PostgreSQL PostgreSQL | =9.2.8 | |
| PostgreSQL PostgreSQL | =9.2.9 | |
| PostgreSQL PostgreSQL | =9.2.10 | |
| PostgreSQL PostgreSQL | =9.2.11 | |
| PostgreSQL PostgreSQL | =9.2.12 | |
| PostgreSQL PostgreSQL | =9.2.13 | |
| PostgreSQL PostgreSQL | =9.2.14 | |
| PostgreSQL PostgreSQL | =9.2.15 | |
| PostgreSQL PostgreSQL | =9.2.16 | |
| PostgreSQL PostgreSQL | =9.2.17 | |
| PostgreSQL PostgreSQL | =9.2.18 | |
| PostgreSQL PostgreSQL | =9.2.19 | |
| PostgreSQL PostgreSQL | =9.2.20 | |
| PostgreSQL PostgreSQL | =9.2.21 | |
| PostgreSQL PostgreSQL | =9.3 | |
| PostgreSQL PostgreSQL | =9.3.1 | |
| PostgreSQL PostgreSQL | =9.3.2 | |
| PostgreSQL PostgreSQL | =9.3.3 | |
| PostgreSQL PostgreSQL | =9.3.4 | |
| PostgreSQL PostgreSQL | =9.3.5 | |
| PostgreSQL PostgreSQL | =9.3.6 | |
| PostgreSQL PostgreSQL | =9.3.7 | |
| PostgreSQL PostgreSQL | =9.3.8 | |
| PostgreSQL PostgreSQL | =9.3.9 | |
| PostgreSQL PostgreSQL | =9.3.10 | |
| PostgreSQL PostgreSQL | =9.3.11 | |
| PostgreSQL PostgreSQL | =9.3.12 | |
| PostgreSQL PostgreSQL | =9.3.13 | |
| PostgreSQL PostgreSQL | =9.3.14 | |
| PostgreSQL PostgreSQL | =9.3.15 | |
| PostgreSQL PostgreSQL | =9.3.16 | |
| PostgreSQL PostgreSQL | =9.3.17 | |
| PostgreSQL PostgreSQL | =9.4 | |
| PostgreSQL PostgreSQL | =9.4.1 | |
| PostgreSQL PostgreSQL | =9.4.2 | |
| PostgreSQL PostgreSQL | =9.4.3 | |
| PostgreSQL PostgreSQL | =9.4.4 | |
| PostgreSQL PostgreSQL | =9.4.5 | |
| PostgreSQL PostgreSQL | =9.4.6 | |
| PostgreSQL PostgreSQL | =9.4.7 | |
| PostgreSQL PostgreSQL | =9.4.8 | |
| PostgreSQL PostgreSQL | =9.4.9 | |
| PostgreSQL PostgreSQL | =9.4.10 | |
| PostgreSQL PostgreSQL | =9.4.11 | |
| PostgreSQL PostgreSQL | =9.4.12 | |
| PostgreSQL PostgreSQL | =9.5 | |
| PostgreSQL PostgreSQL | =9.5.1. | |
| PostgreSQL PostgreSQL | =9.5.2 | |
| PostgreSQL PostgreSQL | =9.5.3 | |
| PostgreSQL PostgreSQL | =9.5.4 | |
| PostgreSQL PostgreSQL | =9.5.5 | |
| PostgreSQL PostgreSQL | =9.5.6 | |
| PostgreSQL PostgreSQL | =9.5.7 | |
| PostgreSQL PostgreSQL | =9.6 | |
| PostgreSQL PostgreSQL | =9.6.1 | |
| PostgreSQL PostgreSQL | =9.6.2 | |
| PostgreSQL PostgreSQL | =9.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-3935
- http://www.debian.org/security/2017/dsa-3936
- http://www.securityfocus.com/bid/100275
- http://www.securitytracker.com/id/1039142
- https://access.redhat.com/errata/RHSA-2017:2677
- https://access.redhat.com/errata/RHSA-2017:2678
- https://access.redhat.com/errata/RHSA-2017:2728
- https://security.gentoo.org/glsa/201710-06
- https://www.postgresql.org/about/news/1772/
- https://access.redhat.com/security/cve/CVE-2017-7486
- https://github.com/postgres/postgres/commit/b6e39ca92eeee4
- https://access.redhat.com/security/cve/CVE-2017-7547
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480282
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480283
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480284
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi?id=1477185
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7547
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/9.2
- version/postgresql postgresql/9.2.1
- version/postgresql postgresql/9.2.2
- version/postgresql postgresql/9.2.3
- version/postgresql postgresql/9.2.4
- version/postgresql postgresql/9.2.5
- version/postgresql postgresql/9.2.6
- version/postgresql postgresql/9.2.7
- version/postgresql postgresql/9.2.8
- version/postgresql postgresql/9.2.9
- version/postgresql postgresql/9.2.10
- version/postgresql postgresql/9.2.11
- version/postgresql postgresql/9.2.12
- version/postgresql postgresql/9.2.13
- version/postgresql postgresql/9.2.14
- version/postgresql postgresql/9.2.15
- version/postgresql postgresql/9.2.16
- version/postgresql postgresql/9.2.17
- version/postgresql postgresql/9.2.18
- version/postgresql postgresql/9.2.19
- version/postgresql postgresql/9.2.20
- version/postgresql postgresql/9.2.21
- version/postgresql postgresql/9.3
- version/postgresql postgresql/9.3.1
- version/postgresql postgresql/9.3.2
- version/postgresql postgresql/9.3.3
- version/postgresql postgresql/9.3.4
- version/postgresql postgresql/9.3.5
- version/postgresql postgresql/9.3.6
- version/postgresql postgresql/9.3.7
- version/postgresql postgresql/9.3.8
- version/postgresql postgresql/9.3.9
- version/postgresql postgresql/9.3.10
- version/postgresql postgresql/9.3.11
- version/postgresql postgresql/9.3.12
- version/postgresql postgresql/9.3.13
- version/postgresql postgresql/9.3.14
- version/postgresql postgresql/9.3.15
- version/postgresql postgresql/9.3.16
- version/postgresql postgresql/9.3.17
- version/postgresql postgresql/9.4
- version/postgresql postgresql/9.4.1
- version/postgresql postgresql/9.4.2
- version/postgresql postgresql/9.4.3
- version/postgresql postgresql/9.4.4
- version/postgresql postgresql/9.4.5
- version/postgresql postgresql/9.4.6
- version/postgresql postgresql/9.4.7
- version/postgresql postgresql/9.4.8
- version/postgresql postgresql/9.4.9
- version/postgresql postgresql/9.4.10
- version/postgresql postgresql/9.4.11
- version/postgresql postgresql/9.4.12
- version/postgresql postgresql/9.5
- version/postgresql postgresql/9.5.1.
- version/postgresql postgresql/9.5.2
- version/postgresql postgresql/9.5.3
- version/postgresql postgresql/9.5.4
- version/postgresql postgresql/9.5.5
- version/postgresql postgresql/9.5.6
- version/postgresql postgresql/9.5.7
- version/postgresql postgresql/9.6
- version/postgresql postgresql/9.6.1
- version/postgresql postgresql/9.6.2
- version/postgresql postgresql/9.6.3