DB: PostgreSQL Database Core Server Client Policy Bypass

A security policy bypass vulnerability has been reported in the PostgreSQL database server. A remote attacker could send maliciously crafted requests to a vulnerable server. Successful exploitation may result in unauthorized access to or modification of data between the client and server.

Extended Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw that allows remote attackers to gain access to database accounts with an empty password.

Affected Products

Postgresql postgresql

References

BugTraq: 100278

CVE: CVE-2017-7546

Short Name: DB:POSTGRESQL-POLICY-BYPASS
Severity: Major
Recommended: True
Recommended Action: Drop
Category: DB
Keywords: Bypass CVE-2017-7546 Client Core Database Policy PostgreSQL Server bid:100278
Release Date: 08/29/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3337
Port: TCP/5432
False Positive: Unknown
Vendors

Postgresql

Debian

CVSS Score

7.5
