Showing 1 - 6 of 6

CVE-2010-1170

Status Candidate

Overview

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

Related Files

HP Security Bulletin HPSBMU02781 SSRT100617 2: Posted Aug 8, 2012; Authored by HP | Site hp.com; HP Security Bulletin HPSBMU02781 SSRT100617 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and Denial of Service (DoS). Revision 2 of this advisory.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, windows, solaris, hpux; advisories | CVE-2009-0922, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, CVE-2009-4034, CVE-2009-4136, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975, CVE-2010-3433, CVE-2010-4015; SHA-256 | 969977237cbe019bfcfe019ff2785e5a2cd29b36bd1679c3d115100fcd8f2197; Download | Favorite | View

HP Security Bulletin HPSBMU02781 SSRT100617: Posted Jul 2, 2012; Authored by HP | Site hp.com; HP Security Bulletin HPSBMU02781 SSRT100617 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and Denial of Service (DoS) . Revision 1 of this advisory.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, windows, solaris, hpux; advisories | CVE-2009-0922, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, CVE-2009-4034, CVE-2009-4136, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975, CVE-2010-3433, CVE-2010-4015; SHA-256 | b85e8b8a8b2b6709cb17786ee687f79c84cb868d3e8d7908aac5a6e2bead0467; Download | Favorite | View

Gentoo Linux Security Advisory 201110-22: Posted Oct 25, 2011; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201110-22 - Multiple vulnerabilities in the PostgreSQL server and client allow remote attackers to conduct several attacks, including the execution of arbitrary code and denial of service. Versions less than or equal to 9 are affected.; tags | advisory, remote, denial of service, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2009-0922, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, CVE-2009-4034, CVE-2009-4136, CVE-2010-0442, CVE-2010-0733, CVE-2010-1169, CVE-2010-1170, CVE-2010-1447, CVE-2010-1975, CVE-2010-3433, CVE-2010-4015, CVE-2011-2483; SHA-256 | 82243da3aec06c210e0496833735c49ccf39afb961407ead00319a66417c0cd7; Download | Favorite | View

Debian Linux Security Advisory 2051-1: Posted May 25, 2010; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2051-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.; tags | advisory, local, vulnerability; systems | linux, debian; advisories | CVE-2010-0442, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975; SHA-256 | 180b33e386f19b03736c3943e1b71129e1dfa7af334af3501bd91a08e267f7f0; Download | Favorite | View

Ubuntu Security Notice 942-1: Posted May 22, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 942-1 - It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code.; tags | advisory, remote, arbitrary, perl; systems | linux, ubuntu; advisories | CVE-2010-1169, CVE-2010-1170; SHA-256 | 741e9e2548258c38c225edc1b0858fe5b79d22d7c61bc1a93baadd70c3ee0dd8; Download | Favorite | View

Mandriva Linux Security Advisory 2010-103: Posted May 21, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-103 - Multiple vulnerabilities were discovered and corrected in postgresql. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. This update provides a solution to these vulnerabilities.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2010-0442, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975; SHA-256 | dae56ddac2b338c1704ebf1658f6ad703dfa0a1e741f2de8039c4ee98eedbcbd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2010-1170

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems