SB2017060119 - Man-in-the-middle attack in postgresql (Alpine package)



SB2017060119 - Man-in-the-middle attack in postgresql (Alpine package)

Published: June 1, 2017

Security Bulletin ID SB2017060119
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Man-in-the-middle attack (CVE-ID: CVE-2017-7485)

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists in the PGREQUIRESSL environment due to no enforcement of a SSL/TLS connection to a PostgreSQL server. A remote attacker can launch a man-in-the-middle attack to strip the SSL/TLS protection from a connection between a client and a server and modify the communicated data.

Successful exploitation of the vulnerability results in unauthorized access to sensitive information.

Remediation

Install update from vendor's website.