CVE-2010-1169

CVSS V2 High 8.5 CVSS V3 None
Description
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Overview
  • CVE ID
  • CVE-2010-1169
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-05-19T18:30:02
  • Last Modified Date
  • 2017-09-19T01:30:35
Weakness Enumerations
CWE URL
CWE-94 http://cwe.mitre.org/data/definitions/94.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:7.4.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.0.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.1.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:9.0.0:beta1:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 8.5
  • Severity
  • HIGH
  • Exploitability Score
  • 6.8
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/40215
http://www.postgresql.org/docs/current/static/release-8-4-4.html
http://www.postgresql.org/docs/current/static/release-8-3-11.html
https://bugzilla.redhat.com/show_bug.cgi?id=582615
http://www.postgresql.org/support/security
http://www.postgresql.org/docs/current/static/release-8-0-25.html
http://secunia.com/advisories/39845 Vendor Advisory
http://www.postgresql.org/docs/current/static/release-8-2-17.html
http://www.postgresql.org/docs/current/static/release-7-4-29.html
http://www.vupen.com/english/advisories/2010/1167 Vendor Advisory
http://www.postgresql.org/docs/current/static/release-8-1-21.html
http://www.postgresql.org/about/news.1203 Patch
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0430.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.securitytracker.com/id?1023988
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://www.vupen.com/english/advisories/2010/1207
http://secunia.com/advisories/39898
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1198
http://www.vupen.com/english/advisories/2010/1197
http://www.debian.org/security/2010/dsa-2051
http://secunia.com/advisories/39939
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
http://www.vupen.com/english/advisories/2010/1221
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
http://secunia.com/advisories/39815
http://www.vupen.com/english/advisories/2010/1182
http://www.openwall.com/lists/oss-security/2010/05/20/5
https://bugzilla.redhat.com/show_bug.cgi?id=588269
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://osvdb.org/64755
http://marc.info/?l=bugtraq&m=134124585221119&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-1169
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1169
History
Created Old Value New Value Data Type Notes
2022-05-10 08:34:51 Added to TrackCVE