CVE-2017-7547
First published: Tue Aug 01 2017(Updated: )
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <9.2.22 | 9.2.22 |
| redhat/postgresql | <9.3.18 | 9.3.18 |
| redhat/postgresql | <9.4.13 | 9.4.13 |
| redhat/postgresql | <9.5.8 | 9.5.8 |
| redhat/postgresql | <9.6.4 | 9.6.4 |
| PostgreSQL Common | =9.2 | |
| PostgreSQL Common | =9.2.1 | |
| PostgreSQL Common | =9.2.2 | |
| PostgreSQL Common | =9.2.3 | |
| PostgreSQL Common | =9.2.4 | |
| PostgreSQL Common | =9.2.5 | |
| PostgreSQL Common | =9.2.6 | |
| PostgreSQL Common | =9.2.7 | |
| PostgreSQL Common | =9.2.8 | |
| PostgreSQL Common | =9.2.9 | |
| PostgreSQL Common | =9.2.10 | |
| PostgreSQL Common | =9.2.11 | |
| PostgreSQL Common | =9.2.12 | |
| PostgreSQL Common | =9.2.13 | |
| PostgreSQL Common | =9.2.14 | |
| PostgreSQL Common | =9.2.15 | |
| PostgreSQL Common | =9.2.16 | |
| PostgreSQL Common | =9.2.17 | |
| PostgreSQL Common | =9.2.18 | |
| PostgreSQL Common | =9.2.19 | |
| PostgreSQL Common | =9.2.20 | |
| PostgreSQL Common | =9.2.21 | |
| PostgreSQL Common | =9.3 | |
| PostgreSQL Common | =9.3.1 | |
| PostgreSQL Common | =9.3.2 | |
| PostgreSQL Common | =9.3.3 | |
| PostgreSQL Common | =9.3.4 | |
| PostgreSQL Common | =9.3.5 | |
| PostgreSQL Common | =9.3.6 | |
| PostgreSQL Common | =9.3.7 | |
| PostgreSQL Common | =9.3.8 | |
| PostgreSQL Common | =9.3.9 | |
| PostgreSQL Common | =9.3.10 | |
| PostgreSQL Common | =9.3.11 | |
| PostgreSQL Common | =9.3.12 | |
| PostgreSQL Common | =9.3.13 | |
| PostgreSQL Common | =9.3.14 | |
| PostgreSQL Common | =9.3.15 | |
| PostgreSQL Common | =9.3.16 | |
| PostgreSQL Common | =9.3.17 | |
| PostgreSQL Common | =9.4 | |
| PostgreSQL Common | =9.4.1 | |
| PostgreSQL Common | =9.4.2 | |
| PostgreSQL Common | =9.4.3 | |
| PostgreSQL Common | =9.4.4 | |
| PostgreSQL Common | =9.4.5 | |
| PostgreSQL Common | =9.4.6 | |
| PostgreSQL Common | =9.4.7 | |
| PostgreSQL Common | =9.4.8 | |
| PostgreSQL Common | =9.4.9 | |
| PostgreSQL Common | =9.4.10 | |
| PostgreSQL Common | =9.4.11 | |
| PostgreSQL Common | =9.4.12 | |
| PostgreSQL Common | =9.5 | |
| PostgreSQL Common | =9.5.1. | |
| PostgreSQL Common | =9.5.2 | |
| PostgreSQL Common | =9.5.3 | |
| PostgreSQL Common | =9.5.4 | |
| PostgreSQL Common | =9.5.5 | |
| PostgreSQL Common | =9.5.6 | |
| PostgreSQL Common | =9.5.7 | |
| PostgreSQL Common | =9.6 | |
| PostgreSQL Common | =9.6.1 | |
| PostgreSQL Common | =9.6.2 | |
| PostgreSQL Common | =9.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-3935
- http://www.debian.org/security/2017/dsa-3936
- http://www.securityfocus.com/bid/100275
- http://www.securitytracker.com/id/1039142
- https://access.redhat.com/errata/RHSA-2017:2677
- https://access.redhat.com/errata/RHSA-2017:2678
- https://access.redhat.com/errata/RHSA-2017:2728
- https://security.gentoo.org/glsa/201710-06
- https://www.postgresql.org/about/news/1772/
- https://access.redhat.com/security/cve/CVE-2017-7486
- https://github.com/postgres/postgres/commit/b6e39ca92eeee4
- https://access.redhat.com/security/cve/CVE-2017-7547
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480282
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480283
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1480284
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi?id=1477185
Frequently Asked Questions
What is the severity of CVE-2017-7547?
CVE-2017-7547 is classified as a medium severity vulnerability.
How do I fix CVE-2017-7547?
To fix CVE-2017-7547, upgrade to PostgreSQL versions 9.2.22, 9.3.18, 9.4.13, 9.5.8, or 9.6.4 or later.
What types of PostgreSQL versions are affected by CVE-2017-7547?
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8, and 9.6.4 are affected by CVE-2017-7547.
Who can exploit CVE-2017-7547?
Remote authenticated attackers can exploit CVE-2017-7547 to retrieve passwords from user mappings.
What is the nature of the vulnerability in CVE-2017-7547?
CVE-2017-7547 is an authorization flaw that allows access to sensitive information without the necessary privileges.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7547
- agent/software-canonical-lookup
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/9.2
- version/postgresql common/9.2.1
- version/postgresql common/9.2.2
- version/postgresql common/9.2.3
- version/postgresql common/9.2.4
- version/postgresql common/9.2.5
- version/postgresql common/9.2.6
- version/postgresql common/9.2.7
- version/postgresql common/9.2.8
- version/postgresql common/9.2.9
- version/postgresql common/9.2.10
- version/postgresql common/9.2.11
- version/postgresql common/9.2.12
- version/postgresql common/9.2.13
- version/postgresql common/9.2.14
- version/postgresql common/9.2.15
- version/postgresql common/9.2.16
- version/postgresql common/9.2.17
- version/postgresql common/9.2.18
- version/postgresql common/9.2.19
- version/postgresql common/9.2.20
- version/postgresql common/9.2.21
- version/postgresql common/9.3
- version/postgresql common/9.3.1
- version/postgresql common/9.3.2
- version/postgresql common/9.3.3
- version/postgresql common/9.3.4
- version/postgresql common/9.3.5
- version/postgresql common/9.3.6
- version/postgresql common/9.3.7
- version/postgresql common/9.3.8
- version/postgresql common/9.3.9
- version/postgresql common/9.3.10
- version/postgresql common/9.3.11
- version/postgresql common/9.3.12
- version/postgresql common/9.3.13
- version/postgresql common/9.3.14
- version/postgresql common/9.3.15
- version/postgresql common/9.3.16
- version/postgresql common/9.3.17
- version/postgresql common/9.4
- version/postgresql common/9.4.1
- version/postgresql common/9.4.2
- version/postgresql common/9.4.3
- version/postgresql common/9.4.4
- version/postgresql common/9.4.5
- version/postgresql common/9.4.6
- version/postgresql common/9.4.7
- version/postgresql common/9.4.8
- version/postgresql common/9.4.9
- version/postgresql common/9.4.10
- version/postgresql common/9.4.11
- version/postgresql common/9.4.12
- version/postgresql common/9.5
- version/postgresql common/9.5.1.
- version/postgresql common/9.5.2
- version/postgresql common/9.5.3
- version/postgresql common/9.5.4
- version/postgresql common/9.5.5
- version/postgresql common/9.5.6
- version/postgresql common/9.5.7
- version/postgresql common/9.6
- version/postgresql common/9.6.1
- version/postgresql common/9.6.2
- version/postgresql common/9.6.3