Bug 1477185 (CVE-2017-7547)
| Summary: | CVE-2017-7547 postgresql: pg_user_mappings view discloses passwords to users lacking server privileges | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bkearney, cpelland, dajohnso, databases-maint, devrim, gblomqui, ggainey, gmccullo, gtanzill, hhorak, hhudgeon, jfrey, jhardy, jmlich83, jorton, jprause, jstanek, kbost, meissner, mike, obarenbo, pkubat, praiskup, roliveri, security-response-team, simaishi, tgl, thomas, tlestach, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 03:19:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1477696, 1477697, 1480282, 1480283, 1480284, 1484638, 1484639, 1484640, 1484641, 1484642, 1484643 | ||
| Bug Blocks: | 1477189 | ||
|
Description
Adam Mariš
2017-08-01 12:29:56 UTC
Acknowledgments: Name: the PostgreSQL project Upstream: Jeff Janes External References: https://www.postgresql.org/about/news/1772/ Created mingw-postgresql tracking bugs for this issue: Affects: epel-7 [bug 1480282] Affects: fedora-all [bug 1480283] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 1480284] This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2677 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2678 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2728 Statement: Red Hat Satellite 5 are is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. |