CVE-2010-1169

Published: May 19, 2010Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.

Affected (110)

Products: Postgresql: Postgresql

Postgresql

1 product

Postgresql

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 7.4.10
Postgresql Postgresql	Version 7.4.11
Postgresql Postgresql	Version 7.4.12
Postgresql Postgresql	Version 7.4.13
Postgresql Postgresql	Version 7.4.14
Postgresql Postgresql	Version 7.4.15
Postgresql Postgresql	Version 7.4.16
Postgresql Postgresql	Version 7.4.17
Postgresql Postgresql	Version 7.4.18
Postgresql Postgresql	Version 7.4.19
Postgresql Postgresql	Version 7.4.1
Postgresql Postgresql	Version 7.4.20
Postgresql Postgresql	Version 7.4.21
Postgresql Postgresql	Version 7.4.22
Postgresql Postgresql	Version 7.4.23
Postgresql Postgresql	Version 7.4.24
Postgresql Postgresql	Version 7.4.25
Postgresql Postgresql	Version 7.4.26
Postgresql Postgresql	Version 7.4.27
Postgresql Postgresql	Version 7.4.28
Postgresql Postgresql	Version 7.4.2
Postgresql Postgresql	Version 7.4.3
Postgresql Postgresql	Version 7.4.4
Postgresql Postgresql	Version 7.4.5
Postgresql Postgresql	Version 7.4.6
Postgresql Postgresql	Version 7.4.7
Postgresql Postgresql	Version 7.4.8
Postgresql Postgresql	Version 7.4.9
Postgresql Postgresql	Version 7.4

Configuration B

26 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.0.0
Postgresql Postgresql	Version 8.0.10
Postgresql Postgresql	Version 8.0.11
Postgresql Postgresql	Version 8.0.12
Postgresql Postgresql	Version 8.0.13
Postgresql Postgresql	Version 8.0.14
Postgresql Postgresql	Version 8.0.15
Postgresql Postgresql	Version 8.0.16
Postgresql Postgresql	Version 8.0.17
Postgresql Postgresql	Version 8.0.18
Postgresql Postgresql	Version 8.0.19
Postgresql Postgresql	Version 8.0.1
Postgresql Postgresql	Version 8.0.20
Postgresql Postgresql	Version 8.0.21
Postgresql Postgresql	Version 8.0.22
Postgresql Postgresql	Version 8.0.23
Postgresql Postgresql	Version 8.0.24
Postgresql Postgresql	Version 8.0.2
Postgresql Postgresql	Version 8.0.3
Postgresql Postgresql	Version 8.0.4
Postgresql Postgresql	Version 8.0.5
Postgresql Postgresql	Version 8.0.6
Postgresql Postgresql	Version 8.0.7
Postgresql Postgresql	Version 8.0.8
Postgresql Postgresql	Version 8.0.9
Postgresql Postgresql	Version 8.0

Configuration C

22 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.1.0
Postgresql Postgresql	Version 8.1.10
Postgresql Postgresql	Version 8.1.11
Postgresql Postgresql	Version 8.1.12
Postgresql Postgresql	Version 8.1.13
Postgresql Postgresql	Version 8.1.14
Postgresql Postgresql	Version 8.1.15
Postgresql Postgresql	Version 8.1.16
Postgresql Postgresql	Version 8.1.17
Postgresql Postgresql	Version 8.1.18
Postgresql Postgresql	Version 8.1.19
Postgresql Postgresql	Version 8.1.1
Postgresql Postgresql	Version 8.1.20
Postgresql Postgresql	Version 8.1.2
Postgresql Postgresql	Version 8.1.3
Postgresql Postgresql	Version 8.1.4
Postgresql Postgresql	Version 8.1.5
Postgresql Postgresql	Version 8.1.6
Postgresql Postgresql	Version 8.1.7
Postgresql Postgresql	Version 8.1.8
Postgresql Postgresql	Version 8.1.9
Postgresql Postgresql	Version 8.1

Configuration D

17 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.2.10
Postgresql Postgresql	Version 8.2.11
Postgresql Postgresql	Version 8.2.12
Postgresql Postgresql	Version 8.2.13
Postgresql Postgresql	Version 8.2.14
Postgresql Postgresql	Version 8.2.15
Postgresql Postgresql	Version 8.2.16
Postgresql Postgresql	Version 8.2.1
Postgresql Postgresql	Version 8.2.2
Postgresql Postgresql	Version 8.2.3
Postgresql Postgresql	Version 8.2.4
Postgresql Postgresql	Version 8.2.5
Postgresql Postgresql	Version 8.2.6
Postgresql Postgresql	Version 8.2.7
Postgresql Postgresql	Version 8.2.8
Postgresql Postgresql	Version 8.2.9
Postgresql Postgresql	Version 8.2

Configuration E

11 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.3.10
Postgresql Postgresql	Version 8.3.1
Postgresql Postgresql	Version 8.3.2
Postgresql Postgresql	Version 8.3.3
Postgresql Postgresql	Version 8.3.4
Postgresql Postgresql	Version 8.3.5
Postgresql Postgresql	Version 8.3.6
Postgresql Postgresql	Version 8.3.7
Postgresql Postgresql	Version 8.3.8
Postgresql Postgresql	Version 8.3.9
Postgresql Postgresql	Version 8.3

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.4.1
Postgresql Postgresql	Version 8.4.2
Postgresql Postgresql	Version 8.4.3
Postgresql Postgresql	Version 8.4

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.0.0 beta1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (76)

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=134124585221119&w=2

Source: secalert@redhat.com

http://osvdb.org/64755

Source: secalert@redhat.com

http://secunia.com/advisories/39815

Source: secalert@redhat.com

http://secunia.com/advisories/39820

Source: secalert@redhat.com

http://secunia.com/advisories/39845

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/39898

Source: secalert@redhat.com

http://secunia.com/advisories/39939

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2051

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:103

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/05/20/5

Source: secalert@redhat.com

http://www.postgresql.org/about/news.1203

Source: secalert@redhat.com

Patch

http://www.postgresql.org/docs/current/static/release-7-4-29.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-8-0-25.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-8-1-21.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-8-2-17.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-8-3-11.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-8-4-4.html

Source: secalert@redhat.com

http://www.postgresql.org/support/security

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0427.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0428.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0429.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0430.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/40215

Source: secalert@redhat.com

http://www.securitytracker.com/id?1023988

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1167

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1182

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1197

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1198

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1207

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1221

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=582615

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=588269

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/58693

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html