Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-1170

Опубликовано: 17 мая 2010
Источник: redhat
CVSS2: 4.9

Описание

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux Extended Update Support 4.8postgresqlAffected
Red Hat Enterprise Linux Extended Update Support 6.0postgresqlAffected
Red Hat Enterprise Linux 3rh-postgresqlFixedRHSA-2010:042719.05.2010
Red Hat Enterprise Linux 4postgresqlFixedRHSA-2010:042819.05.2010
Red Hat Enterprise Linux 5postgresqlFixedRHSA-2010:042919.05.2010
Red Hat Enterprise Linux 5postgresql84FixedRHSA-2010:043019.05.2010

Показывать по

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=583072PostgreSQL: PL/Tcl Intended restriction bypass

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu
около 15 лет назад

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

nvd
около 15 лет назад

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

debian
около 15 лет назад

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...

github
больше 3 лет назад

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

oracle-oval
около 15 лет назад

ELSA-2010-0430: postgresql84 security update (MODERATE)

4.9 Medium

CVSS2