CVE - CVE-2010-1170

CVE-ID
CVE-2010-1170	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request URL:http://www.openwall.com/lists/oss-security/2010/05/20/5 CONFIRM:http://www.postgresql.org/about/news.1203 CONFIRM:http://www.postgresql.org/docs/current/static/release-7-4-29.html CONFIRM:http://www.postgresql.org/docs/current/static/release-8-0-25.html CONFIRM:http://www.postgresql.org/docs/current/static/release-8-1-21.html CONFIRM:http://www.postgresql.org/docs/current/static/release-8-2-17.html CONFIRM:http://www.postgresql.org/docs/current/static/release-8-3-11.html CONFIRM:http://www.postgresql.org/docs/current/static/release-8-4-4.html CONFIRM:http://www.postgresql.org/support/security CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583072 DEBIAN:DSA-2051 URL:http://www.debian.org/security/2010/dsa-2051 FEDORA:FEDORA-2010-8696 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html FEDORA:FEDORA-2010-8715 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html FEDORA:FEDORA-2010-8723 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html HP:HPSBMU02781 URL:http://marc.info/?l=bugtraq&m=134124585221119&w=2 HP:SSRT100617 URL:http://marc.info/?l=bugtraq&m=134124585221119&w=2 MANDRIVA:MDVSA-2010:103 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 REDHAT:RHSA-2010:0427 URL:http://www.redhat.com/support/errata/RHSA-2010-0427.html REDHAT:RHSA-2010:0428 URL:http://www.redhat.com/support/errata/RHSA-2010-0428.html REDHAT:RHSA-2010:0429 URL:http://www.redhat.com/support/errata/RHSA-2010-0429.html REDHAT:RHSA-2010:0430 URL:http://www.redhat.com/support/errata/RHSA-2010-0430.html SUSE:SUSE-SR:2010:014 URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html BID:40215 URL:http://www.securityfocus.com/bid/40215 OSVDB:64757 URL:http://osvdb.org/64757 OVAL:oval:org.mitre.oval:def:10510 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510 SECTRACK:1023987 URL:http://www.securitytracker.com/id?1023987 SECUNIA:39845 URL:http://secunia.com/advisories/39845 SECUNIA:39820 URL:http://secunia.com/advisories/39820 SECUNIA:39898 URL:http://secunia.com/advisories/39898 SECUNIA:39939 URL:http://secunia.com/advisories/39939 SECUNIA:39815 URL:http://secunia.com/advisories/39815 VUPEN:ADV-2010-1167 URL:http://www.vupen.com/english/advisories/2010/1167 VUPEN:ADV-2010-1207 URL:http://www.vupen.com/english/advisories/2010/1207 VUPEN:ADV-2010-1197 URL:http://www.vupen.com/english/advisories/2010/1197 VUPEN:ADV-2010-1198 URL:http://www.vupen.com/english/advisories/2010/1198 VUPEN:ADV-2010-1182 URL:http://www.vupen.com/english/advisories/2010/1182 VUPEN:ADV-2010-1221 URL:http://www.vupen.com/english/advisories/2010/1221
Assigning CNA
N/A
Date Entry Created
20100329	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100329)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.