CVE-2017-7546 Amazon Linux Security Advisory for postgresql8: AL2012-2017-221

Vulnerability category: Amazon Linux

Vulnerability severity:

Vulnerability information

Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2017-7546: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq’s refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

QID Detection Logic (Authenticated):
This QID checks whether the versions of the following packages are lower than 8.4.20-8.53.al12: postgresql8-debuginfo, postgresql8-plpython, postgresql8, postgresql8-devel, postgresql8-contrib, postgresql8-server, postgresql8-test, postgresql8-docs, postgresql8-libs, postgresql8-plperl, postgresql8-pltcl

Vulnerability impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Administrators are advised to apply the appropriate software updates.

Patch:
The following links provide the patches that fix the vulnerabilities:

AL2012-2017-221
