Test ID:	1.3.6.1.4.1.25623.1.0.810992
Category:	Databases
Title:	PostgreSQL MITM Vulnerability (May 2017) - Linux
Summary:	PostgreSQL is prone to a man-in-the-middle (MITM); vulnerability.
Description:	Summary: PostgreSQL is prone to a man-in-the-middle (MITM) vulnerability. Vulnerability Insight: The flaw exists due to an error in the 'libpq' component of PostgreSQL, where the 'PGREQUIRESSL' environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. Vulnerability Impact: Successful exploitation will allow a man-in-the-middle attacker to strip the SSL/TLS protection from a connection between a client and a server. Affected Software/OS: PostgreSQL version 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3. Solution: Upgrade to PostgreSQL version 9.3.17 or 9.4.12 or 9.5.7 or 9.6.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7485 BugTraq ID: 98461 http://www.securityfocus.com/bid/98461 Debian Security Information: DSA-3851 (Google Search) http://www.debian.org/security/2017/dsa-3851 https://security.gentoo.org/glsa/201710-06 RedHat Security Advisories: RHSA-2017:1677 https://access.redhat.com/errata/RHSA-2017:1677 RedHat Security Advisories: RHSA-2017:1678 https://access.redhat.com/errata/RHSA-2017:1678 RedHat Security Advisories: RHSA-2017:1838 https://access.redhat.com/errata/RHSA-2017:1838 RedHat Security Advisories: RHSA-2017:2425 https://access.redhat.com/errata/RHSA-2017:2425 http://www.securitytracker.com/id/1038476
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.