CVE-2010-1169 Information
Share on:Description
PostgreSQL 7.4 before 7.4.29 8.0 before 8.0.25 8.1 before 8.1.21 8.2 before 8.2.17 8.3 before 8.3.11 8.4 before 8.4.4 and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures which allows remote authenticated users with database-creation privileges to execute arbitrary Perl code via a crafted script related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/64755 http://secunia.com/advisories/39815 http://secunia.com/advisories/39820 http://secunia.com/advisories/39845 http://secunia.com/advisories/39898 http://secunia.com/advisories/39939 http://www.debian.org/security/2010/dsa-2051 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/support/security http://www.redhat.com/support/errata/RHSA-2010-0427.html http://www.redhat.com/support/errata/RHSA-2010-0428.html http://www.redhat.com/support/errata/RHSA-2010-0429.html http://www.redhat.com/support/errata/RHSA-2010-0430.html http://www.securityfocus.com/bid/40215 http://www.securitytracker.com/id?1023988 http://www.vupen.com/english/advisories/2010/1167 http://www.vupen.com/english/advisories/2010/1182 http://www.vupen.com/english/advisories/2010/1197 http://www.vupen.com/english/advisories/2010/1198 http://www.vupen.com/english/advisories/2010/1207 http://www.vupen.com/english/advisories/2010/1221 https://bugzilla.redhat.com/show_bug.cgi?id=582615 https://bugzilla.redhat.com/show_bug.cgi?id=588269 https://exchange.xforce.ibmcloud.com/vulnerabilities/58693 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10645