 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843284 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3390-1) |
| Summary: | The remote host is missing an update for the 'postgresql-9.3, postgresql-9.5, postgresql-9.6' package(s) announced via the USN-3390-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'postgresql-9.3, postgresql-9.5, postgresql-9.6' package(s) announced via the USN-3390-1 advisory. Vulnerability Insight: Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546) Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. (CVE-2017-7547) Chapman Flack discovered that PostgreSQL incorrectly handled lo_put() permissions. A remote attacker could possibly use this issue to change the data in a large object. (CVE-2017-7548) Affected Software/OS: 'postgresql-9.3, postgresql-9.5, postgresql-9.6' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7546 BugTraq ID: 100278 http://www.securityfocus.com/bid/100278 Debian Security Information: DSA-3935 (Google Search) http://www.debian.org/security/2017/dsa-3935 Debian Security Information: DSA-3936 (Google Search) http://www.debian.org/security/2017/dsa-3936 https://security.gentoo.org/glsa/201710-06 RedHat Security Advisories: RHSA-2017:2677 https://access.redhat.com/errata/RHSA-2017:2677 RedHat Security Advisories: RHSA-2017:2678 https://access.redhat.com/errata/RHSA-2017:2678 RedHat Security Advisories: RHSA-2017:2728 https://access.redhat.com/errata/RHSA-2017:2728 RedHat Security Advisories: RHSA-2017:2860 https://access.redhat.com/errata/RHSA-2017:2860 http://www.securitytracker.com/id/1039142 Common Vulnerability Exposure (CVE) ID: CVE-2017-7547 BugTraq ID: 100275 http://www.securityfocus.com/bid/100275 Common Vulnerability Exposure (CVE) ID: CVE-2017-7548 BugTraq ID: 100276 http://www.securityfocus.com/bid/100276 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |