STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The EDB Postgres Advanced Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

DISA Rule

SV-83591r1_rule

Vulnerability Number

V-68987

Group Title

SRG-APP-000340-DB-000304

Rule Version

PPS9-00-007400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Revoke any privileges to privileged functionality by executing the REVOKE command as documented here:

http://www.postgresql.org/docs/current/static/sql-revoke.html

Check Contents

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

If any functionality considered privileged has access privileges granted to non-privileged users, this is a finding.

Vulnerability Number

V-68987

Documentable

False

Rule Version

PPS9-00-007400

Severity Override Guidance

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

If any functionality considered privileged has access privileges granted to non-privileged users, this is a finding.

Check Content Reference

M

Target Key

2933

Comments