Bug 1260567 - (CVE-2015-6817) CVE-2015-6817 pgbouncer: failed auth_query lookup leads to connection as auth_user
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware / OS: All / Linux
Priority: high
Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20150905,repo...
Keywords: Security
Reported: 2015-09-07 05:27 EDT by Martin Prpič
Modified: 2015-09-07 05:28 EDT (History)
Fixed In Version: pgbouncer 1.6.1
Doc Type: Bug Fix
Last Closed: 2015-09-07 05:28:10 EDT
Description Martin Prpič 2015-09-07 05:27:18 EDT
The following flaw was found in PgBouncer:

The new auth_user functionality introduced in 1.6 allows login as auth_user when a client presents an unknown username. It's quite likely auth_user is a superuser. Affects only setups that have enabled auth_user in their config.

Upstream issue:

http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251

Upstream patch:

https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38

External References:

https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
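The report's practical point is that auth_user is usually a superuser, because pgbouncer's default auth_query reads pg_shadow, which only superusers may read. The following is an added example (not part of the bug report and not pgbouncer project code) of the usual way to keep auth_user unprivileged: a SECURITY DEFINER wrapper around the pg_shadow lookup, so that a client who lands in the auth_user session on an unpatched 1.6.0 gets an account that can do nothing except run the lookup. The role name `pgbouncer` and schema name `pgbouncer` are assumptions; run the script as a superuser so the function's owner is one. This limits the blast radius only; the failed-lookup fallback itself is fixed in 1.6.1.

```sql
-- Added example, not from the bug report or the pgbouncer project.
-- Assumed names: role "pgbouncer" (the value used for auth_user in
-- pgbouncer.ini) and schema "pgbouncer" holding the lookup function.
-- Run as a superuser: the SECURITY DEFINER function must be owned by one.

-- 1. A dedicated, unprivileged role for pgbouncer's own auth_query session.
--    NOSUPERUSER is the point: on 1.6.0 a failed lookup lets an unknown
--    client in as this role, so it must not be able to do anything useful.
CREATE ROLE pgbouncer LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    PASSWORD 'constructed-placeholder-change-me';

-- 2. Wrapper that reads pg_shadow on the role's behalf. SECURITY DEFINER runs
--    the body as the (superuser) owner while the caller stays unprivileged.
--    Output columns are renamed (uname/phash) and the table is aliased so the
--    SQL-language body has no ambiguity between columns and parameters.
--    A fixed search_path stops a caller from shadowing pg_shadow.
CREATE SCHEMA pgbouncer;
CREATE OR REPLACE FUNCTION pgbouncer.user_lookup(i_username text)
RETURNS TABLE (uname name, phash text) AS $$
    SELECT s.usename, s.passwd
      FROM pg_catalog.pg_shadow AS s
     WHERE s.usename = i_username;
$$ LANGUAGE sql STABLE SECURITY DEFINER
   SET search_path = pg_catalog, pg_temp;

-- 3. Only the pgbouncer role may call it; nobody else gets password hashes.
REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM PUBLIC;
REVOKE ALL ON SCHEMA pgbouncer FROM PUBLIC;
GRANT USAGE ON SCHEMA pgbouncer TO pgbouncer;
GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer;

-- 4. Matching pgbouncer.ini lines (given here as a comment, not as SQL):
--    [pgbouncer]
--    auth_type  = md5
--    auth_user  = pgbouncer
--    auth_query = SELECT uname, phash FROM pgbouncer.user_lookup($1)

-- 5. Check: an unknown name yields zero rows. That empty result is exactly the
--    "failed auth_query lookup" of the report; 1.6.0 then falls through to the
--    auth_user session, 1.6.1 rejects the client.
SELECT * FROM pgbouncer.user_lookup('no-such-user-constructed');
```

With this in place, an instance still running 1.6.0 remains vulnerable, but the account an unknown client would be dropped into can only call the lookup function; the upgrade to 1.6.1 is still required.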
Comment 1 Martin Prpič 2015-09-07 05:28:10 EDT
The auth_user functionality was introduced in version 1.6. Fedora ships versions 1.5.x and is thus not affected.
