Test ID:	1.3.6.1.4.1.25623.1.0.813751
Category:	Databases
Title:	PostgreSQL 'libpq' Security Bypass Vulnerability (Aug 2018) - Windows
Summary:	PostgreSQL is prone to a security bypass vulnerability.
Description:	Summary: PostgreSQL is prone to a security bypass vulnerability. Vulnerability Insight: The flaw exists due to an internal issue in the 'libpq' the client connection API for PostgreSQL where it did not reset all of its connection state variables when attempting to reconnect. In particular, the state variable that determined whether or not a password is needed for a connection would not be reset. Vulnerability Impact: Successful exploitation will allow an attacker to bypass client-side connection security features and obtain access to higher privileged connections or potentially cause other possible impact. Affected Software/OS: PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19 and 9.3.24. Solution: Update to version 10.5 or 9.6.10 or 9.5.14 or 9.4.19 or 9.3.24 or later. Please see the references for more information. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10915 BugTraq ID: 105054 http://www.securityfocus.com/bid/105054 Debian Security Information: DSA-4269 (Google Search) https://www.debian.org/security/2018/dsa-4269 https://security.gentoo.org/glsa/201810-08 https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html RedHat Security Advisories: RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2511 RedHat Security Advisories: RHSA-2018:2557 https://access.redhat.com/errata/RHSA-2018:2557 RedHat Security Advisories: RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2565 RedHat Security Advisories: RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2566 RedHat Security Advisories: RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2643 RedHat Security Advisories: RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:2721 RedHat Security Advisories: RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:2729 RedHat Security Advisories: RHSA-2018:3816 https://access.redhat.com/errata/RHSA-2018:3816 http://www.securitytracker.com/id/1041446 SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://usn.ubuntu.com/3744-1/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.