Improper access control in PostgreSQL - CVE-2016-7048
Published: August 20, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31228
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7048
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PostgreSQL Global Development Group
Affected software:
PostgreSQL
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
How to mitigate CVE-2016-7048
Install the update from the vendor's website.