CVE-2010-3433:postgresql: The PL/perl and PL/Tcl implementations in PostgreSQ...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3433

postgresql: The PL/perl and PL/Tcl implementations in PostgreSQ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3433

Original

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vu...

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-06

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-07

Affected Product Tags

cpe:/a:postgresql:postgresql:7.4

cpe:/a:postgresql:postgresql:7.4.1

cpe:/a:postgresql:postgresql:7.4.10

cpe:/a:postgresql:postgresql:7.4.11

cpe:/a:postgresql:postgresql:7.4.12

cpe:/a:postgresql:postgresql:7.4.13

cpe:/a:postgresql:postgresql:7.4.14

cpe:/a:postgresql:postgresql:7.4.15

cpe:/a:postgresql:postgresql:7.4.16

cpe:/a:postgresql:postgresql:7.4.17

cpe:/a:postgresql:postgresql:7.4.18

cpe:/a:postgresql:postgresql:7.4.19

cpe:/a:postgresql:postgresql:7.4.2

cpe:/a:postgresql:postgresql:7.4.20

cpe:/a:postgresql:postgresql:7.4.21

cpe:/a:postgresql:postgresql:7.4.22

cpe:/a:postgresql:postgresql:7.4.23

cpe:/a:postgresql:postgresql:7.4.24

cpe:/a:postgresql:postgresql:7.4.25

cpe:/a:postgresql:postgresql:7.4.26

cpe:/a:postgresql:postgresql:7.4.27

cpe:/a:postgresql:postgresql:7.4.28

cpe:/a:postgresql:postgresql:7.4.29

cpe:/a:postgresql:postgresql:7.4.3

cpe:/a:postgresql:postgresql:7.4.4

cpe:/a:postgresql:postgresql:7.4.5

cpe:/a:postgresql:postgresql:7.4.6

cpe:/a:postgresql:postgresql:7.4.7

cpe:/a:postgresql:postgresql:7.4.8

cpe:/a:postgresql:postgresql:7.4.9

cpe:/a:postgresql:postgresql:8.0

cpe:/a:postgresql:postgresql:8.0.1

cpe:/a:postgresql:postgresql:8.0.10

cpe:/a:postgresql:postgresql:8.0.11

cpe:/a:postgresql:postgresql:8.0.12

cpe:/a:postgresql:postgresql:8.0.13

cpe:/a:postgresql:postgresql:8.0.14

cpe:/a:postgresql:postgresql:8.0.15

cpe:/a:postgresql:postgresql:8.0.16

cpe:/a:postgresql:postgresql:8.0.17

cpe:/a:postgresql:postgresql:8.0.18

cpe:/a:postgresql:postgresql:8.0.19

cpe:/a:postgresql:postgresql:8.0.2

cpe:/a:postgresql:postgresql:8.0.20

cpe:/a:postgresql:postgresql:8.0.21

cpe:/a:postgresql:postgresql:8.0.22

cpe:/a:postgresql:postgresql:8.0.23

cpe:/a:postgresql:postgresql:8.0.24

cpe:/a:postgresql:postgresql:8.0.25

cpe:/a:postgresql:postgresql:8.0.3

cpe:/a:postgresql:postgresql:8.0.4

cpe:/a:postgresql:postgresql:8.0.5

cpe:/a:postgresql:postgresql:8.0.6

cpe:/a:postgresql:postgresql:8.0.7

cpe:/a:postgresql:postgresql:8.0.8

cpe:/a:postgresql:postgresql:8.0.9

cpe:/a:postgresql:postgresql:8.1

cpe:/a:postgresql:postgresql:8.1.1

cpe:/a:postgresql:postgresql:8.1.10

cpe:/a:postgresql:postgresql:8.1.11

cpe:/a:postgresql:postgresql:8.1.12

cpe:/a:postgresql:postgresql:8.1.13

cpe:/a:postgresql:postgresql:8.1.14

cpe:/a:postgresql:postgresql:8.1.15

cpe:/a:postgresql:postgresql:8.1.16

cpe:/a:postgresql:postgresql:8.1.17

cpe:/a:postgresql:postgresql:8.1.18

cpe:/a:postgresql:postgresql:8.1.19

cpe:/a:postgresql:postgresql:8.1.2

cpe:/a:postgresql:postgresql:8.1.20

cpe:/a:postgresql:postgresql:8.1.21

cpe:/a:postgresql:postgresql:8.1.3

cpe:/a:postgresql:postgresql:8.1.4

cpe:/a:postgresql:postgresql:8.1.5

cpe:/a:postgresql:postgresql:8.1.6

cpe:/a:postgresql:postgresql:8.1.7

cpe:/a:postgresql:postgresql:8.1.8

cpe:/a:postgresql:postgresql:8.1.9

cpe:/a:postgresql:postgresql:8.2

cpe:/a:postgresql:postgresql:8.2.1

cpe:/a:postgresql:postgresql:8.2.10

cpe:/a:postgresql:postgresql:8.2.11

cpe:/a:postgresql:postgresql:8.2.12

cpe:/a:postgresql:postgresql:8.2.13

cpe:/a:postgresql:postgresql:8.2.14

cpe:/a:postgresql:postgresql:8.2.15

cpe:/a:postgresql:postgresql:8.2.16

cpe:/a:postgresql:postgresql:8.2.17

cpe:/a:postgresql:postgresql:8.2.2

cpe:/a:postgresql:postgresql:8.2.3

cpe:/a:postgresql:postgresql:8.2.4

cpe:/a:postgresql:postgresql:8.2.5

cpe:/a:postgresql:postgresql:8.2.6

cpe:/a:postgresql:postgresql:8.2.7

cpe:/a:postgresql:postgresql:8.2.8

cpe:/a:postgresql:postgresql:8.2.9

cpe:/a:postgresql:postgresql:8.3

cpe:/a:postgresql:postgresql:8.3.1

cpe:/a:postgresql:postgresql:8.3.10

cpe:/a:postgresql:postgresql:8.3.11

cpe:/a:postgresql:postgresql:8.3.2

cpe:/a:postgresql:postgresql:8.3.3

cpe:/a:postgresql:postgresql:8.3.4

cpe:/a:postgresql:postgresql:8.3.5

cpe:/a:postgresql:postgresql:8.3.6

cpe:/a:postgresql:postgresql:8.3.7

cpe:/a:postgresql:postgresql:8.3.8

cpe:/a:postgresql:postgresql:8.3.9

cpe:/a:postgresql:postgresql:8.4

cpe:/a:postgresql:postgresql:8.4.1

cpe:/a:postgresql:postgresql:8.4.2

cpe:/a:postgresql:postgresql:8.4.3

cpe:/a:postgresql:postgresql:8.4.4

cpe:/a:postgresql:postgresql:9.0

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 43747

CONFIRM http://www.postgresql.org/about/news.1244

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=639371

CONFIRM http://www.postgresql.org/docs/9.0/static/release-9-0-1.html

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)