Multiple vulnerabilities in PostgreSQL

Updated: 2025-06-23
Risk: High
Patch available: Yes
Number of vulnerabilities: 4
CVE-ID: CVE-2010-1975, CVE-2010-1447, CVE-2010-1170, CVE-2010-1169
CWE-ID: CWE-264, CWE-94
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PostgreSQL (Server applications / Database software)
Vendor: PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111767

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-1975

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to read and manipulate data.

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PostgreSQL: 7.4 - 8.4.3

External links

https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://secunia.com/advisories/39939
https://www.debian.org/security/2010/dsa-2051
https://www.mandriva.com/security/advisories?name=MDVSA-2010:103
https://www.postgresql.org/docs/current/static/release-7-4-29.html
https://www.postgresql.org/docs/current/static/release-8-0-25.html
https://www.postgresql.org/docs/current/static/release-8-1-21.html
https://www.postgresql.org/docs/current/static/release-8-2-17.html
https://www.postgresql.org/docs/current/static/release-8-3-11.html
https://www.postgresql.org/docs/current/static/release-8-4-4.html
https://www.securityfocus.com/bid/40304
https://www.vupen.com/english/advisories/2010/1207
https://www.vupen.com/english/advisories/2010/1221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111768

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2010-1447

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code.

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PostgreSQL: 7.4 - 8.4.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://osvdb.org/64756
https://secunia.com/advisories/39845
https://secunia.com/advisories/40049
https://secunia.com/advisories/40052
https://security-tracker.debian.org/tracker/CVE-2010-1447
https://www.debian.org/security/2011/dsa-2267
https://www.mandriva.com/security/advisories?name=MDVSA-2010:115
https://www.mandriva.com/security/advisories?name=MDVSA-2010:116
https://www.openwall.com/lists/oss-security/2010/05/20/5
https://www.postgresql.org/about/news.1203
https://www.redhat.com/support/errata/RHSA-2010-0457.html
https://www.redhat.com/support/errata/RHSA-2010-0458.html
https://www.securityfocus.com/bid/40305
https://www.securitytracker.com/id?1023988
https://www.vupen.com/english/advisories/2010/1167
https://bugs.launchpad.net/bugs/cve/2010-1447
https://bugzilla.redhat.com/show_bug.cgi?id=588269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111769

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-1170

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to read and manipulate data.

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PostgreSQL: 7.4 - 8.4.3

External links

https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://osvdb.org/64757
https://secunia.com/advisories/39815
https://secunia.com/advisories/39820
https://secunia.com/advisories/39845
https://secunia.com/advisories/39898
https://secunia.com/advisories/39939
https://www.debian.org/security/2010/dsa-2051
https://www.mandriva.com/security/advisories?name=MDVSA-2010:103
https://www.openwall.com/lists/oss-security/2010/05/20/5
https://www.postgresql.org/about/news.1203
https://www.postgresql.org/docs/current/static/release-7-4-29.html
https://www.postgresql.org/docs/current/static/release-8-0-25.html
https://www.postgresql.org/docs/current/static/release-8-1-21.html
https://www.postgresql.org/docs/current/static/release-8-2-17.html
https://www.postgresql.org/docs/current/static/release-8-3-11.html
https://www.postgresql.org/docs/current/static/release-8-4-4.html
https://www.postgresql.org/support/security
https://www.redhat.com/support/errata/RHSA-2010-0427.html
https://www.redhat.com/support/errata/RHSA-2010-0428.html
https://www.redhat.com/support/errata/RHSA-2010-0429.html
https://www.redhat.com/support/errata/RHSA-2010-0430.html
https://www.securityfocus.com/bid/40215
https://www.securitytracker.com/id?1023987
https://www.vupen.com/english/advisories/2010/1167
https://www.vupen.com/english/advisories/2010/1182
https://www.vupen.com/english/advisories/2010/1197
https://www.vupen.com/english/advisories/2010/1198
https://www.vupen.com/english/advisories/2010/1207
https://www.vupen.com/english/advisories/2010/1221
https://bugzilla.redhat.com/show_bug.cgi?id=583072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU111770

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2010-1169

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code.

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PostgreSQL: 7.4 - 8.4.3
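All four entries in this bulletin share the same fixed releases (7.4.29, 8.0.25, 8.1.21, 8.2.17, 8.3.11, 8.4.4, and 9.0 Beta 2). As an added check that is not part of the advisory, the Python below maps a server's `SELECT version()` or `SHOW server_version` output onto those fixed releases so an operator can tell whether an instance still needs the update; the version banners used in it are constructed.

```python
import re
from typing import Optional, Tuple

# First fixed release of each affected branch, as listed in the advisory text.
FIXED_RELEASES = {
    (7, 4): (7, 4, 29),
    (8, 0): (8, 0, 25),
    (8, 1): (8, 1, 21),
    (8, 2): (8, 2, 17),
    (8, 3): (8, 3, 11),
    (8, 4): (8, 4, 4),
}
# 9.0 Beta builds before Beta 2 are listed as affected as well.
FIXED_BETA = {(9, 0): 2}

# Accepts "PostgreSQL 8.4.3 on x86_64..." (SELECT version()) and bare "8.4.3"
# (SHOW server_version); beta builds appear as "9.0beta1".
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?\b(\d+)\.(\d+)(?:\.(\d+)|beta(\d+))?")


def parse_version(banner: str) -> Optional[Tuple[int, int, int, Optional[int]]]:
    """Return (major, minor, patch, beta) from a version banner, or None if unparseable."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, beta = m.groups()
    return int(major), int(minor), int(patch or 0), (int(beta) if beta else None)


def is_affected(banner: str) -> Optional[bool]:
    """True if the server is below the fixed release of a branch named in the advisory,
    False if it is at or above it, None if the branch is not covered here (releases
    after 8.4 never shipped these bugs) or the banner cannot be parsed."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    major, minor, patch, beta = parsed
    branch = (major, minor)
    if beta is not None:
        return beta < FIXED_BETA[branch] if branch in FIXED_BETA else None
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    for banner in ("PostgreSQL 8.4.3 on x86_64-unknown-linux-gnu", "8.4.4", "PostgreSQL 9.0beta1"):
        print(f"{banner!r}: affected={is_affected(banner)}")
```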

External links

https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://osvdb.org/64755
https://secunia.com/advisories/39815
https://secunia.com/advisories/39820
https://secunia.com/advisories/39845
https://secunia.com/advisories/39898
https://secunia.com/advisories/39939
https://www.debian.org/security/2010/dsa-2051
https://www.mandriva.com/security/advisories?name=MDVSA-2010:103
https://www.openwall.com/lists/oss-security/2010/05/20/5
https://www.postgresql.org/about/news.1203
https://www.postgresql.org/docs/current/static/release-7-4-29.html
https://www.postgresql.org/docs/current/static/release-8-0-25.html
https://www.postgresql.org/docs/current/static/release-8-1-21.html
https://www.postgresql.org/docs/current/static/release-8-2-17.html
https://www.postgresql.org/docs/current/static/release-8-3-11.html
https://www.postgresql.org/docs/current/static/release-8-4-4.html
https://www.postgresql.org/support/security
https://www.redhat.com/support/errata/RHSA-2010-0427.html
https://www.redhat.com/support/errata/RHSA-2010-0428.html
https://www.redhat.com/support/errata/RHSA-2010-0429.html
https://www.redhat.com/support/errata/RHSA-2010-0430.html
https://www.securityfocus.com/bid/40215
https://www.securitytracker.com/id?1023988
https://www.vupen.com/english/advisories/2010/1167
https://www.vupen.com/english/advisories/2010/1182
https://www.vupen.com/english/advisories/2010/1197
https://www.vupen.com/english/advisories/2010/1198
https://www.vupen.com/english/advisories/2010/1207
https://www.vupen.com/english/advisories/2010/1221
https://bugzilla.redhat.com/show_bug.cgi?id=582615
https://bugzilla.redhat.com/show_bug.cgi?id=588269
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
