CVE-2010-1170

Severity

60%

Complexity

68%

Confidentiality

106%

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

PostgreSQL

First reported 14 years ago

2010-05-19 18:30:00

Last updated 7 years ago

2017-09-19 01:30:00

Affected Software

PostgreSQL PostgreSQL 7.4

7.4

PostgreSQL PostgreSQL 7.4.1

7.4.1

PostgreSQL PostgreSQL 7.4.2

7.4.2

PostgreSQL PostgreSQL 7.4.3

7.4.3

PostgreSQL PostgreSQL 7.4.4

7.4.4

PostgreSQL PostgreSQL 7.4.5

7.4.5

PostgreSQL PostgreSQL 7.4.6

7.4.6

PostgreSQL PostgreSQL 7.4.7

7.4.7

PostgreSQL PostgreSQL 7.4.8

7.4.8

PostgreSQL PostgreSQL 7.4.9

7.4.9

PostgreSQL PostgreSQL 7.4.10

7.4.10

PostgreSQL PostgreSQL 7.4.11

7.4.11

PostgreSQL PostgreSQL 7.4.12

7.4.12

PostgreSQL PostgreSQL 7.4.13

7.4.13

PostgreSQL PostgreSQL 7.4.14

7.4.14

PostgreSQL PostgreSQL 7.4.15

7.4.15

PostgreSQL PostgreSQL 7.4.16

7.4.16

PostgreSQL PostgreSQL 7.4.17

7.4.17

PostgreSQL PostgreSQL 7.4.18

7.4.18

PostgreSQL PostgreSQL 7.4.19

7.4.19

PostgreSQL PostgreSQL 7.4.20

7.4.20

PostgreSQL PostgreSQL 7.4.21

7.4.21

PostgreSQL PostgreSQL 7.4.22

7.4.22

PostgreSQL PostgreSQL 7.4.23

7.4.23

PostgreSQL PostgreSQL 7.4.24

7.4.24

PostgreSQL PostgreSQL 7.4.25

7.4.25

PostgreSQL PostgreSQL 7.4.26

7.4.26

PostgreSQL PostgreSQL 7.4.27

7.4.27

PostgreSQL PostgreSQL 7.4.28

7.4.28

PostgreSQL 8.0

8.0

PostgreSQL PostgreSQL 8.0.1

8.0.1

PostgreSQL PostgreSQL 8.0.2

8.0.2

PostgreSQL PostgreSQL 8.0.3

8.0.3

PostgreSQL PostgreSQL 8.0.4

8.0.4

PostgreSQL PostgreSQL 8.0.5

8.0.5

PostgreSQL PostgreSQL 8.0.6

8.0.6

PostgreSQL PostgreSQL 8.0.7

8.0.7

PostgreSQL PostgreSQL 8.0.8

8.0.8

PostgreSQL PostgreSQL 8.0.9

8.0.9

PostgreSQL PostgreSQL 8.0.10

8.0.10

PostgreSQL PostgreSQL 8.0.11

8.0.11

PostgreSQL PostgreSQL 8.0.12

8.0.12

PostgreSQL PostgreSQL 8.0.13

8.0.13

PostgreSQL PostgreSQL 8.0.14

8.0.14

PostgreSQL PostgreSQL 8.0.15

8.0.15

PostgreSQL PostgreSQL 8.0.16

8.0.16

PostgreSQL PostgreSQL 8.0.17

8.0.17

PostgreSQL PostgreSQL 8.0.18

8.0.18

PostgreSQL PostgreSQL 8.0.19

8.0.19

PostgreSQL PostgreSQL 8.0.20

8.0.20

PostgreSQL PostgreSQL 8.0.21

8.0.21

PostgreSQL PostgreSQL 8.0.22

8.0.22

PostgreSQL PostgreSQL 8.0.23

8.0.23

PostgreSQL PostgreSQL 8.0.24

8.0.24

PostgreSQL 8.1

8.1

PostgreSQL 8.1.0

8.1.0

PostgreSQL 8.1.1

8.1.1

PostgreSQL 8.1.2

8.1.2

PostgreSQL 8.1.3

8.1.3

PostgreSQL 8.1.4

8.1.4

PostgreSQL 8.1.5

8.1.5

PostgreSQL 8.1.6

8.1.6

PostgreSQL 8.1.7

8.1.7

PostgreSQL 8.1.8

8.1.8

PostgreSQL 8.1.9

8.1.9

PostgreSQL 8.1.10

8.1.10

PostgreSQL 8.1.11

8.1.11

PostgreSQL 8.1.12

8.1.12

PostgreSQL 8.1.13

8.1.13

PostgreSQL 8.1.14

8.1.14

PostgreSQL 8.1.15

8.1.15

PostgreSQL 8.1.16

8.1.16

PostgreSQL 8.1.17

8.1.17

PostgreSQL 8.1.18

8.1.18

PostgreSQL 8.1.19

8.1.19

PostgreSQL 8.1.20

8.1.20

PostgreSQL 8.2

8.2

PostgreSQL 8.2.1

8.2.1

PostgreSQL 8.2.2

8.2.2

PostgreSQL 8.2.3

8.2.3

PostgreSQL 8.2.4

8.2.4

PostgreSQL 8.2.5

8.2.5

PostgreSQL 8.2.6

8.2.6

PostgreSQL 8.2.7

8.2.7

PostgreSQL 8.2.8

8.2.8

PostgreSQL 8.2.9

8.2.9

PostgreSQL 8.2.10

8.2.10

PostgreSQL 8.2.11

8.2.11

PostgreSQL 8.2.12

8.2.12

PostgreSQL 8.2.13

8.2.13

PostgreSQL 8.2.14

8.2.14

PostgreSQL 8.2.15

8.2.15

PostgreSQL 8.2.16

8.2.16

PostgreSQL 8.3

8.3

PostgreSQL 8.3.1

8.3.1

PostgreSQL 8.3.2

8.3.2

PostgreSQL 8.3.3

8.3.3

PostgreSQL 8.3.4

8.3.4

PostgreSQL 8.3.5

8.3.5

PostgreSQL 8.3.6

8.3.6

PostgreSQL 8.3.7

8.3.7

PostgreSQL 8.3.8

8.3.8

PostgreSQL 8.3.9

8.3.9

PostgreSQL 8.3.10

8.3.10

PostgreSQL 8.4

8.4

PostgreSQL 8.4.1

8.4.1

PostgreSQL 8.4.2

8.4.2

PostgreSQL 8.4.3

8.4.3

References

FEDORA-2010-8696

FEDORA-2010-8715

FEDORA-2010-8723

SUSE-SR:2010:014

SSRT100617

64757

39815

39820

39845

Vendor Advisory

39898

39939

DSA-2051

MDVSA-2010:103

[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request

http://www.postgresql.org/about/news.1203

Vendor Advisory

http://www.postgresql.org/docs/current/static/release-7-4-29.html

http://www.postgresql.org/docs/current/static/release-8-0-25.html

http://www.postgresql.org/docs/current/static/release-8-1-21.html

http://www.postgresql.org/docs/current/static/release-8-2-17.html

http://www.postgresql.org/docs/current/static/release-8-3-11.html

http://www.postgresql.org/docs/current/static/release-8-4-4.html

http://www.postgresql.org/support/security

RHSA-2010:0427

RHSA-2010:0428

RHSA-2010:0429

RHSA-2010:0430

40215

1023987

ADV-2010-1167

Patch, Vendor Advisory

ADV-2010-1182

ADV-2010-1197

ADV-2010-1198

ADV-2010-1207

ADV-2010-1221

https://bugzilla.redhat.com/show_bug.cgi?id=583072

oval:org.mitre.oval:def:10510

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.