#VU111770 Code Injection in PostgreSQL - CVE-2010-1169


Updated: 2025-06-23

Vulnerability identifier: #VU111770

Vulnerability risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2010-1169

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software

Vendor: PostgreSQL Global Development Group

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

PostgreSQL: 7.4, 7.4.1 - 7.4.19, 7.4.2, 7.4.3, 7.4.4, 7.4.5 - 8.1.3, 7.4.6, 7.4.7, 7.4.8, 7.4.9, 7.4.10 - 8.4.1, 7.4.11 - 8.4.3, 7.4.12, 7.4.13, 7.4.14, 7.4.15, 7.4.16, 7.4.20, 7.4.21, 7.4.22, 7.4.23, 7.4.24, 7.4.25, 7.4.26, 7.4.27, 7.4.28, 8.0, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.1.15, 8.1.16, 8.1.17, 8.1.18, 8.1.19, 8.1.20, 8.2, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 8.2.13, 8.2.14, 8.2.15, 8.2.16, 8.3, 8.3.0, 8.3.1, 8.3.2, 8.3.3


External links
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://osvdb.org/64755
https://secunia.com/advisories/39815
https://secunia.com/advisories/39820
https://secunia.com/advisories/39845
https://secunia.com/advisories/39898
https://secunia.com/advisories/39939
https://www.debian.org/security/2010/dsa-2051
https://www.mandriva.com/security/advisories?name=MDVSA-2010:103
https://www.openwall.com/lists/oss-security/2010/05/20/5
https://www.postgresql.org/about/news.1203
https://www.postgresql.org/docs/current/static/release-7-4-29.html
https://www.postgresql.org/docs/current/static/release-8-0-25.html
https://www.postgresql.org/docs/current/static/release-8-1-21.html
https://www.postgresql.org/docs/current/static/release-8-2-17.html
https://www.postgresql.org/docs/current/static/release-8-3-11.html
https://www.postgresql.org/docs/current/static/release-8-4-4.html
https://www.postgresql.org/support/security
https://www.redhat.com/support/errata/RHSA-2010-0427.html
https://www.redhat.com/support/errata/RHSA-2010-0428.html
https://www.redhat.com/support/errata/RHSA-2010-0429.html
https://www.redhat.com/support/errata/RHSA-2010-0430.html
https://www.securityfocus.com/bid/40215
https://www.securitytracker.com/id?1023988
https://www.vupen.com/english/advisories/2010/1167
https://www.vupen.com/english/advisories/2010/1182
https://www.vupen.com/english/advisories/2010/1197
https://www.vupen.com/english/advisories/2010/1198
https://www.vupen.com/english/advisories/2010/1207
https://www.vupen.com/english/advisories/2010/1221
https://bugzilla.redhat.com/show_bug.cgi?id=582615
https://bugzilla.redhat.com/show_bug.cgi?id=588269
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

