exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 1002-2

Ubuntu Security Notice 1002-2
Posted Oct 8, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1002-2 - USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.

tags | advisory, remote, arbitrary, perl, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-3433
SHA-256 | 085a6581138140094c3a3e7e5218e13c206bda65a3d3ed3d068b202fda63e0ba
Download | Favorite | View

Ubuntu Security Notice 1002-2

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-1002-2           October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  postgresql-plperl-8.4           8.4.5-0ubuntu10.10
  postgresql-pltcl-8.4            8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the
corresponding update for Ubuntu 10.10.

Original advisory details:

 It was discovered that PostgreSQL did not properly enforce permissions
 within sessions when PL/Perl and PL/Tcl functions or operators were
 redefined. A remote authenticated attacker could exploit this to execute
 arbitrary code with permissions of a different user, possibly leading to
 privilege escalation.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.diff.gz
      Size/MD5:    39535 23f8b3a352178737bb56ead8312c86ce
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.dsc
      Size/MD5:     2618 ed2b36e5dae9278e12d57c3d5c12d41c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5.orig.tar.gz
      Size/MD5: 17590296 8ddea33493bf5cf6f5ea62212bb079df

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    18046 1c384292787a8d1a5dd42f17e2a7efc8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    17944 bd565d773cf1f570cfe8f90bbebac5dc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc-8.4_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:  2118952 1c0163b0b9458c91cee4f8f0f9a4cfe4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:     3450 26111ec43a687d13ce3fa44f9664fe6a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    18084 848a9af8970f015693af8ae73fe0a2cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    11340 130564cc4628ceafc3921713ab2e4dcc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   240990 e3f6824a873520f17e230a62ad05ac80
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    33164 308b7aaa612e6c680f5583590e62986e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    49340 f24763b931ba512742dd6d03f86d62c5
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   201420 36249bf7794d77cfb7c05ff4901c0317
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    88556 20c083d536a138cc44bfa460b93d1eb3
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:  4030288 6384be605d8d3597b9d34be34fafaa03
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   822908 055d780c681d443e7d31a0b36d7d5ed8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   406728 3230bf51c73075032ac03f65770ad976
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   630842 fb7866cb18076664c304d81e0b8cb021
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    46686 f8834eb50b0298b2e09f44ce3dde5946
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    39898 53066a883e73930773d282bf302e9fdb
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    37482 73ed6ddaf822a4fb9a5d4ad990e9adbb

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    10310 7c4f24a65407a0b9ff04e7d8b47b994a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   226046 419eb5e75f5d6c7864fd0c0bef7d1afd
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    32056 1319f823acea5395a7d85887486def9d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    48064 2e7044fcb4a110609eb22abaed4e72c8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   193026 80f3d8d52adb51ac873755fa28dd5bca
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    83006 2fe4cf19bf4fab85621b09f397bf99a1
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:  3883064 f1e96cb6c5338ef0c0d3ed565d02fba4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   776358 f2b56866bd98a688fa76504e4b36647b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   363476 21f6d13a2d2b7f7b8a2d9a1e53130684
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   633542 351ba2390d1ba28b8ff623cdf3839fd9
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    45058 192433c49f49f994149c7b6e5624348b
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    37484 e0af027de047269a78024c65d45396ef
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    36514 ed256af80099b8bd118dab3299ce0549

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    10728 2038e12c84261eb4d5b4334e9b341163
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   241180 b55e26e2973cf5d7b359c382f3399dd7
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    34290 0572b2444e501ec930a167a86722450b
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    51950 5ac477b5e3b958cbcd7402e6a5bcd9a6
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   199520 413218cd3db4eac23f69b3aa1ffb2dc3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    86118 99303c47040f76c0a759877668c3e41d
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:  4332980 ff598d1c98e57ae87d0a825869ea84af
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   823870 c4dd1c0be504e1204d0bea21cd85d01b
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   390012 b678b43d6814d4aa625f6d9b6c232d30
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   632088 d518262b6c78c1de5be3a21629b28456
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    45952 583c39e67e37c14a937e2a08655a96ae
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    39004 b70e2b185875c7cdcb14e3a361589c0e
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    37188 66e750905a43b134ed13e79106412e52



Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close