J-Security Center

Title: PostgreSQL Debian GNU/Linux Specific Local Information Disclosure Vulnerability

Severity: MODERATE

Description:

PostgreSQL is a freely distributed Object-Relational DBMS. It is available for a number of platforms including Unix and Linux variants and Microsoft Windows operating systems.

The version of PostgreSQL shipped with Debian GNU/Linux is reportedly susceptible to an information disclosure vulnerability. The issue is due to improper file permissions in the default installation of the PostgreSQL package.

PostgreSQL log files in '/var/log/postgresql' have permissions that allow all users read access. These files may contain sensitive information, including passwords from failed login attempts. Other sensitive information may also be present, depending on the architecture of the database applications that use PostgreSQL.

This may aid attackers in further system compromise.

Versions up to and including 7.4.3-3 of the Debian package for PostgreSQL are reported to be affected by this vulnerability.
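A check for the condition described above, as an added example that is not part of the original advisory: it lists log files readable by all users, tests the directory itself, and removes the "other" permission bits. The function and variable names are hypothetical; the default path is the one the advisory names.

```shell
#!/bin/sh
# Added example: audit a PostgreSQL log directory for world-readable files.
# Default path is the one named in the advisory; pass another directory as $1.
# Usage: world_readable_logs /var/log/postgresql

PG_LOG_DIR_DEFAULT=/var/log/postgresql

# Print every regular file under DIR that grants read access to "other".
world_readable_logs() {
    dir=${1:-$PG_LOG_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" -type f -perm -004 -print
}

# Succeed (return 0) if DIR itself lets "other" list or traverse it.
# -prune keeps find on the directory entry without descending into it.
dir_open_to_others() {
    dir=${1:-$PG_LOG_DIR_DEFAULT}
    [ -n "$(find "$dir" -prune -type d \( -perm -004 -o -perm -001 \) -print)" ]
}

# Strip all "other" permission bits from the log files and the directory.
# Owner and group bits are left unchanged; run as root or as the file owner.
restrict_logs() {
    dir=${1:-$PG_LOG_DIR_DEFAULT}
    [ -d "$dir" ] || return 2
    find "$dir" -type f -exec chmod o-rwx {} +
    chmod o-rwx "$dir"
}
```

Files created after the run take their mode from the process that creates them, so repeat the audit after log rotation.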

Affected Products:

  • PostgreSQL PostgreSQL 7.4.3
