Back to search
CVE-2010-1170
Published: May 19, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.postgresql.org/docs/current/static/release-8-1-21.html
x_refsource_CONFIRM
FEDORA-2010-8715
vendor-advisory
x_refsource_FEDORA
http://www.postgresql.org/about/news.1203
x_refsource_CONFIRM
RHSA-2010:0427
vendor-advisory
x_refsource_REDHAT
1023987
vdb-entry
x_refsource_SECTRACK
RHSA-2010:0428
vendor-advisory
x_refsource_REDHAT
HPSBMU02781
vendor-advisory
x_refsource_HP
DSA-2051
vendor-advisory
x_refsource_DEBIAN
39898
third-party-advisory
x_refsource_SECUNIA
http://www.postgresql.org/docs/current/static/release-7-4-29.html
x_refsource_CONFIRM
39820
third-party-advisory
x_refsource_SECUNIA
ADV-2010-1198
vdb-entry
x_refsource_VUPEN
http://www.postgresql.org/docs/current/static/release-8-0-25.html
x_refsource_CONFIRM
ADV-2010-1167
vdb-entry
x_refsource_VUPEN
ADV-2010-1221
vdb-entry
x_refsource_VUPEN
39845
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=583072
x_refsource_CONFIRM
40215
vdb-entry
x_refsource_BID
http://www.postgresql.org/docs/current/static/release-8-3-11.html
x_refsource_CONFIRM
64757
vdb-entry
x_refsource_OSVDB
ADV-2010-1207
vdb-entry
x_refsource_VUPEN
http://www.postgresql.org/docs/current/static/release-8-2-17.html
x_refsource_CONFIRM
RHSA-2010:0430
vendor-advisory
x_refsource_REDHAT
http://www.postgresql.org/support/security
x_refsource_CONFIRM
FEDORA-2010-8696
vendor-advisory
x_refsource_FEDORA
FEDORA-2010-8723
vendor-advisory
x_refsource_FEDORA
http://www.postgresql.org/docs/current/static/release-8-4-4.html
x_refsource_CONFIRM
SUSE-SR:2010:014
vendor-advisory
x_refsource_SUSE
ADV-2010-1182
vdb-entry
x_refsource_VUPEN
39815
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0429
vendor-advisory
x_refsource_REDHAT
MDVSA-2010:103
vendor-advisory
x_refsource_MANDRIVA
39939
third-party-advisory
x_refsource_SECUNIA
SSRT100617
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:10510
vdb-entry
signature
x_refsource_OVAL
ADV-2010-1197
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now