CVE-2010-1169: Code Injection
First published: Thu Apr 15 2010(Updated: )
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <0:7.4.29-1.el4_8.1 | 0:7.4.29-1.el4_8.1 |
| redhat/postgresql | <0:8.1.21-1.el5_5.1 | 0:8.1.21-1.el5_5.1 |
| redhat/postgresql84 | <0:8.4.4-1.el5_5.1 | 0:8.4.4-1.el5_5.1 |
| PostgreSQL PostgreSQL | =7.4.16 | |
| PostgreSQL PostgreSQL | =7.4.24 | |
| PostgreSQL PostgreSQL | =7.4.22 | |
| PostgreSQL PostgreSQL | =7.4.21 | |
| PostgreSQL PostgreSQL | =7.4.19 | |
| PostgreSQL PostgreSQL | =7.4.15 | |
| PostgreSQL PostgreSQL | =7.4.1 | |
| PostgreSQL PostgreSQL | =7.4.14 | |
| PostgreSQL PostgreSQL | =7.4.26 | |
| PostgreSQL PostgreSQL | =7.4.6 | |
| PostgreSQL PostgreSQL | =7.4.23 | |
| PostgreSQL PostgreSQL | =7.4.11 | |
| PostgreSQL PostgreSQL | =7.4.7 | |
| PostgreSQL PostgreSQL | =7.4.17 | |
| PostgreSQL PostgreSQL | =7.4.3 | |
| PostgreSQL PostgreSQL | =7.4.25 | |
| PostgreSQL PostgreSQL | =7.4.9 | |
| PostgreSQL PostgreSQL | =7.4.5 | |
| PostgreSQL PostgreSQL | =7.4.18 | |
| PostgreSQL PostgreSQL | =7.4.8 | |
| PostgreSQL PostgreSQL | =7.4 | |
| PostgreSQL PostgreSQL | =7.4.4 | |
| PostgreSQL PostgreSQL | =7.4.28 | |
| PostgreSQL PostgreSQL | =7.4.12 | |
| PostgreSQL PostgreSQL | =7.4.27 | |
| PostgreSQL PostgreSQL | =7.4.10 | |
| PostgreSQL PostgreSQL | =7.4.20 | |
| PostgreSQL PostgreSQL | =7.4.2 | |
| PostgreSQL PostgreSQL | =7.4.13 | |
| PostgreSQL PostgreSQL | =8.0.7 | |
| PostgreSQL PostgreSQL | =8.0.2 | |
| PostgreSQL PostgreSQL | =8.0.22 | |
| PostgreSQL PostgreSQL | =8.0.17 | |
| PostgreSQL PostgreSQL | =8.0.10 | |
| PostgreSQL PostgreSQL | =8.0.12 | |
| PostgreSQL PostgreSQL | =8.0.9 | |
| PostgreSQL PostgreSQL | =8.0.15 | |
| PostgreSQL PostgreSQL | =8.0.0 | |
| PostgreSQL PostgreSQL | =8.0.18 | |
| PostgreSQL PostgreSQL | =8.0.3 | |
| PostgreSQL PostgreSQL | =8.0.24 | |
| PostgreSQL PostgreSQL | =8.0.20 | |
| PostgreSQL PostgreSQL | =8.0.8 | |
| PostgreSQL PostgreSQL | =8.0.6 | |
| PostgreSQL PostgreSQL | =8.0.16 | |
| PostgreSQL PostgreSQL | =8.0.13 | |
| PostgreSQL PostgreSQL | =8.0.1 | |
| PostgreSQL PostgreSQL | =8.0.19 | |
| PostgreSQL PostgreSQL | =8.0.21 | |
| PostgreSQL PostgreSQL | =8.0.23 | |
| PostgreSQL PostgreSQL | =8.0.4 | |
| PostgreSQL PostgreSQL | =8.0.5 | |
| PostgreSQL PostgreSQL | =8.0.14 | |
| PostgreSQL PostgreSQL | =8.0.11 | |
| PostgreSQL PostgreSQL | =8.0 | |
| PostgreSQL PostgreSQL | =8.1.10 | |
| PostgreSQL PostgreSQL | =8.1.6 | |
| PostgreSQL PostgreSQL | =8.1.15 | |
| PostgreSQL PostgreSQL | =8.1.7 | |
| PostgreSQL PostgreSQL | =8.1.20 | |
| PostgreSQL PostgreSQL | =8.1 | |
| PostgreSQL PostgreSQL | =8.1.19 | |
| PostgreSQL PostgreSQL | =8.1.13 | |
| PostgreSQL PostgreSQL | =8.1.0 | |
| PostgreSQL PostgreSQL | =8.1.3 | |
| PostgreSQL PostgreSQL | =8.1.9 | |
| PostgreSQL PostgreSQL | =8.1.14 | |
| PostgreSQL PostgreSQL | =8.1.11 | |
| PostgreSQL PostgreSQL | =8.1.17 | |
| PostgreSQL PostgreSQL | =8.1.18 | |
| PostgreSQL PostgreSQL | =8.1.4 | |
| PostgreSQL PostgreSQL | =8.1.8 | |
| PostgreSQL PostgreSQL | =8.1.1 | |
| PostgreSQL PostgreSQL | =8.1.12 | |
| PostgreSQL PostgreSQL | =8.1.5 | |
| PostgreSQL PostgreSQL | =8.1.16 | |
| PostgreSQL PostgreSQL | =8.1.2 | |
| PostgreSQL PostgreSQL | =8.2.9 | |
| PostgreSQL PostgreSQL | =8.2.10 | |
| PostgreSQL PostgreSQL | =8.2.15 | |
| PostgreSQL PostgreSQL | =8.2.4 | |
| PostgreSQL PostgreSQL | =8.2.11 | |
| PostgreSQL PostgreSQL | =8.2.12 | |
| PostgreSQL PostgreSQL | =8.2.2 | |
| PostgreSQL PostgreSQL | =8.2.5 | |
| PostgreSQL PostgreSQL | =8.2.1 | |
| PostgreSQL PostgreSQL | =8.2.7 | |
| PostgreSQL PostgreSQL | =8.2.6 | |
| PostgreSQL PostgreSQL | =8.2.3 | |
| PostgreSQL PostgreSQL | =8.2.16 | |
| PostgreSQL PostgreSQL | =8.2.8 | |
| PostgreSQL PostgreSQL | =8.2.13 | |
| PostgreSQL PostgreSQL | =8.2 | |
| PostgreSQL PostgreSQL | =8.2.14 | |
| PostgreSQL PostgreSQL | =8.3.6 | |
| PostgreSQL PostgreSQL | =8.3.3 | |
| PostgreSQL PostgreSQL | =8.3.2 | |
| PostgreSQL PostgreSQL | =8.3.1 | |
| PostgreSQL PostgreSQL | =8.3.5 | |
| PostgreSQL PostgreSQL | =8.3.8 | |
| PostgreSQL PostgreSQL | =8.3.7 | |
| PostgreSQL PostgreSQL | =8.3.10 | |
| PostgreSQL PostgreSQL | =8.3 | |
| PostgreSQL PostgreSQL | =8.3.4 | |
| PostgreSQL PostgreSQL | =8.3.9 | |
| PostgreSQL PostgreSQL | =8.4.1 | |
| PostgreSQL PostgreSQL | =8.4.3 | |
| PostgreSQL PostgreSQL | =8.4 | |
| PostgreSQL PostgreSQL | =8.4.2 | |
| PostgreSQL PostgreSQL | =9.0.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40215
- http://www.postgresql.org/docs/current/static/release-8-4-4.html
- http://www.postgresql.org/docs/current/static/release-8-3-11.html
- https://bugzilla.redhat.com/show_bug.cgi?id=582615
- http://www.postgresql.org/support/security
- http://www.postgresql.org/docs/current/static/release-8-0-25.html
- http://secunia.com/advisories/39845
- http://www.postgresql.org/docs/current/static/release-8-2-17.html
- http://www.postgresql.org/docs/current/static/release-7-4-29.html
- http://www.vupen.com/english/advisories/2010/1167
- http://www.postgresql.org/docs/current/static/release-8-1-21.html
- http://www.postgresql.org/about/news.1203
- http://www.redhat.com/support/errata/RHSA-2010-0427.html
- http://www.redhat.com/support/errata/RHSA-2010-0430.html
- http://www.redhat.com/support/errata/RHSA-2010-0429.html
- http://www.redhat.com/support/errata/RHSA-2010-0428.html
- http://www.securitytracker.com/id?1023988
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
- http://www.vupen.com/english/advisories/2010/1207
- http://secunia.com/advisories/39898
- http://secunia.com/advisories/39820
- http://www.vupen.com/english/advisories/2010/1198
- http://www.vupen.com/english/advisories/2010/1197
- http://www.debian.org/security/2010/dsa-2051
- http://secunia.com/advisories/39939
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
- http://www.vupen.com/english/advisories/2010/1221
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
- http://secunia.com/advisories/39815
- http://www.vupen.com/english/advisories/2010/1182
- http://www.openwall.com/lists/oss-security/2010/05/20/5
- https://bugzilla.redhat.com/show_bug.cgi?id=588269
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://osvdb.org/64755
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645
- http://www.postgresql.org/docs/8.1/interactive/plperl.html
- http://www.postgresql.org/docs/8.1/interactive/plperl-trusted.html
- https://access.redhat.com/security/cve/CVE-2010-1169
- http://www.postgresql.org/support/security.html
- http://admin.fedoraproject.org/updates/postgresql-8.4.4-1.fc12
- http://admin.fedoraproject.org/updates/postgresql-8.3.11-1.fc11
- http://admin.fedoraproject.org/updates/postgresql-8.4.4-1.fc13
- http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=5d17e8167a82e646124617c1e00004c73aa40afc
- https://rhn.redhat.com/errata/RHSA-2010-0427.html
- https://rhn.redhat.com/errata/RHSA-2010-0428.html
- https://rhn.redhat.com/errata/RHSA-2010-0429.html
- https://rhn.redhat.com/errata/RHSA-2010-0430.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=636659
- https://www.cve.org/CVERecord?id=CVE-2010-1169 https://nvd.nist.gov/vuln/detail/CVE-2010-1169
- https://access.redhat.com/errata/RHSA-2010:0427
- https://access.redhat.com/errata/RHSA-2010:0428
- https://access.redhat.com/errata/RHSA-2010:0429
- https://access.redhat.com/errata/RHSA-2010:0430
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1169.json
Parent vulnerabilities
(Appears in the following advisories)
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1169
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/references
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/7.4.16
- version/postgresql postgresql/7.4.24
- version/postgresql postgresql/7.4.22
- version/postgresql postgresql/7.4.21
- version/postgresql postgresql/7.4.19
- version/postgresql postgresql/7.4.15
- version/postgresql postgresql/7.4.1
- version/postgresql postgresql/7.4.14
- version/postgresql postgresql/7.4.26
- version/postgresql postgresql/7.4.6
- version/postgresql postgresql/7.4.23
- version/postgresql postgresql/7.4.11
- version/postgresql postgresql/7.4.7
- version/postgresql postgresql/7.4.17
- version/postgresql postgresql/7.4.3
- version/postgresql postgresql/7.4.25
- version/postgresql postgresql/7.4.9
- version/postgresql postgresql/7.4.5
- version/postgresql postgresql/7.4.18
- version/postgresql postgresql/7.4.8
- version/postgresql postgresql/7.4
- version/postgresql postgresql/7.4.4
- version/postgresql postgresql/7.4.28
- version/postgresql postgresql/7.4.12
- version/postgresql postgresql/7.4.27
- version/postgresql postgresql/7.4.10
- version/postgresql postgresql/7.4.20
- version/postgresql postgresql/7.4.2
- version/postgresql postgresql/7.4.13
- version/postgresql postgresql/8.0.7
- version/postgresql postgresql/8.0.2
- version/postgresql postgresql/8.0.22
- version/postgresql postgresql/8.0.17
- version/postgresql postgresql/8.0.10
- version/postgresql postgresql/8.0.12
- version/postgresql postgresql/8.0.9
- version/postgresql postgresql/8.0.15
- version/postgresql postgresql/8.0.0
- version/postgresql postgresql/8.0.18
- version/postgresql postgresql/8.0.3
- version/postgresql postgresql/8.0.24
- version/postgresql postgresql/8.0.20
- version/postgresql postgresql/8.0.8
- version/postgresql postgresql/8.0.6
- version/postgresql postgresql/8.0.16
- version/postgresql postgresql/8.0.13
- version/postgresql postgresql/8.0.1
- version/postgresql postgresql/8.0.19
- version/postgresql postgresql/8.0.21
- version/postgresql postgresql/8.0.23
- version/postgresql postgresql/8.0.4
- version/postgresql postgresql/8.0.5
- version/postgresql postgresql/8.0.14
- version/postgresql postgresql/8.0.11
- version/postgresql postgresql/8.0
- version/postgresql postgresql/8.1.10
- version/postgresql postgresql/8.1.6
- version/postgresql postgresql/8.1.15
- version/postgresql postgresql/8.1.7
- version/postgresql postgresql/8.1.20
- version/postgresql postgresql/8.1
- version/postgresql postgresql/8.1.19
- version/postgresql postgresql/8.1.13
- version/postgresql postgresql/8.1.0
- version/postgresql postgresql/8.1.3
- version/postgresql postgresql/8.1.9
- version/postgresql postgresql/8.1.14
- version/postgresql postgresql/8.1.11
- version/postgresql postgresql/8.1.17
- version/postgresql postgresql/8.1.18
- version/postgresql postgresql/8.1.4
- version/postgresql postgresql/8.1.8
- version/postgresql postgresql/8.1.1
- version/postgresql postgresql/8.1.12
- version/postgresql postgresql/8.1.5
- version/postgresql postgresql/8.1.16
- version/postgresql postgresql/8.1.2
- version/postgresql postgresql/8.2.9
- version/postgresql postgresql/8.2.10
- version/postgresql postgresql/8.2.15
- version/postgresql postgresql/8.2.4
- version/postgresql postgresql/8.2.11
- version/postgresql postgresql/8.2.12
- version/postgresql postgresql/8.2.2
- version/postgresql postgresql/8.2.5
- version/postgresql postgresql/8.2.1
- version/postgresql postgresql/8.2.7
- version/postgresql postgresql/8.2.6
- version/postgresql postgresql/8.2.3
- version/postgresql postgresql/8.2.16
- version/postgresql postgresql/8.2.8
- version/postgresql postgresql/8.2.13
- version/postgresql postgresql/8.2
- version/postgresql postgresql/8.2.14
- version/postgresql postgresql/8.3.6
- version/postgresql postgresql/8.3.3
- version/postgresql postgresql/8.3.2
- version/postgresql postgresql/8.3.1
- version/postgresql postgresql/8.3.5
- version/postgresql postgresql/8.3.8
- version/postgresql postgresql/8.3.7
- version/postgresql postgresql/8.3.10
- version/postgresql postgresql/8.3
- version/postgresql postgresql/8.3.4
- version/postgresql postgresql/8.3.9
- version/postgresql postgresql/8.4.1
- version/postgresql postgresql/8.4.3
- version/postgresql postgresql/8.4
- version/postgresql postgresql/8.4.2
- version/postgresql postgresql/9.0.0-beta1