Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-942-1
HistoryMay 21, 2010 - 12:00 a.m.

PostgreSQL vulnerabilities

2010-05-2100:00:00
ubuntu.com
53

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.006

Percentile

78.2%

JSON

Releases

  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • postgresql-8.1 - object-relational SQL database, version 8.1 server
  • postgresql-8.3 - object-relational SQL database, version 8.3 server
  • postgresql-8.4 - object-relational SQL database, version 8.4 server

Details

It was discovered that the Safe.pm module as used by PostgreSQL did not
properly restrict PL/perl procedures. If PostgreSQL was configured to use
Perl stored procedures, a remote authenticated attacker could exploit this
to execute arbitrary Perl code. (CVE-2010-1169)

It was discovered that PostgreSQL did not properly check permissions to
restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored
procedures, a remote authenticated attacker could exploit this to execute
arbitrary Tcl code. (CVE-2010-1170)

It was discovered that PostgreSQL did not properly check privileges during
certain RESET ALL operations. A remote authenticated attacker could exploit
this to remove all special parameter settings for a user or database.
(CVE-2010-1975)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchpostgresql-pltcl-8.4<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibecpg-compat3<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibecpg-dev<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibecpg6<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibpgtypes3<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibpq-dev<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchlibpq5<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchpostgresql-8.4<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchpostgresql-client-8.4<ย 8.4.4-0ubuntu9.10UNKNOWN
Ubuntu9.10noarchpostgresql-contrib-8.4<ย 8.4.4-0ubuntu9.10UNKNOWN
Rows per page:
1-10 of 651

Related

debian 5
nessus 31
openvas 44
oraclelinux 4
centos 4
redhat 4
fedora 8
securityvulns 2
osv 4
seebug 2
threatpost 1
veracode 3
prion 4
postgresql 3
cve 4
cvelist 4
nvd 4
ubuntucve 4
gentoo 1
debian
debian
[Backports-security-announce] Security Update for postgresql-8.4
2010-05-25 11:30:45
[Backports-security-announce] Security Update for postgresql-8.4
2010-05-25 11:24:49
[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities
2010-05-24 16:00:11
nessus
nessus
Oracle Linux 5 : postgresql84 (ELSA-2010-0430)
2013-07-12 00:00:00
CentOS 5 : postgresql84 (CESA-2010:0430)
2010-06-01 00:00:00
RHEL 5 : postgresql84 (RHSA-2010:0430)
2010-05-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-942-1)
2010-05-28 00:00:00
Oracle: Security Advisory (ELSA-2010-0430)
2015-10-06 00:00:00
Debian Security Advisory DSA 2051-1 (postgresql-8.3)
2010-06-03 00:00:00
oraclelinux
oraclelinux
postgresql84 security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
centos
centos
postgresql84 security update
2010-05-28 10:47:00
postgresql security update
2010-05-28 10:45:13
postgresql security update
2010-05-21 22:22:02
redhat
redhat
(RHSA-2010:0430) Moderate: postgresql84 security update
2010-05-19 00:00:00
(RHSA-2010:0429) Moderate: postgresql security update
2010-05-19 00:00:00
(RHSA-2010:0428) Moderate: postgresql security update
2010-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: postgresql-8.3.11-1.fc11
2010-05-18 21:57:56
[SECURITY] Fedora 12 Update: postgresql-8.4.4-1.fc12
2010-05-18 21:53:33
[SECURITY] Fedora 13 Update: postgresql-8.4.4-1.fc13
2010-05-18 21:45:09
securityvulns
securityvulns
PostgreSQL code execution
2010-05-26 00:00:00
[USN-942-1] PostgreSQL vulnerabilities
2010-05-26 00:00:00
osv
osv
postgresql-8.3 - several
2010-05-24 00:00:00
postgresql94-9.4.10-1.1 on GA media
2024-06-15 00:00:00
libecpg6-32bit-9.5.4-1.2 on GA media
2024-06-15 00:00:00
seebug
seebug
PostgreSQL PL/perlๅ’ŒPL/tclๅญ˜ๅ‚จ่ฟ‡็จ‹็ป•่ฟ‡ๅฎ‰ๅ…จ้™ๅˆถๆผๆดž
2010-05-20 00:00:00
PostgreSQL RESET ALLๆ“ไฝœไธๅฎ‰ๅ…จๆƒ้™ๆฃ€ๆŸฅๆผๆดž
2010-05-21 00:00:00
threatpost
threatpost
PostgreSQL Vulnerabilities Fixed
2010-05-17 14:36:50
veracode
veracode
Access Restriction Bypass
2020-04-10 00:48:52
Denial Of Service (DoS)
2020-04-10 00:48:53
Remote Code Execution (RCE)
2020-04-10 00:48:52
prion
prion
Code injection
2010-10-06 17:00:00
Code injection
2010-05-19 18:30:00
Code injection
2010-05-19 18:30:00
postgresql
postgresql
Vulnerability in core server (CVE-2010-1169)
2010-05-19 18:30:00
Vulnerability in core server (CVE-2010-1975)
2010-05-19 18:30:00
Vulnerability in core server (CVE-2010-1170)
2010-05-19 18:30:00
cve
cve
CVE-2010-3433
2010-10-06 17:00:16
CVE-2010-1975
2010-05-19 18:30:03
CVE-2010-1170
2010-05-19 18:30:03
cvelist
cvelist
CVE-2010-3433
2010-10-06 16:00:00
CVE-2010-1170
2010-05-19 18:13:00
CVE-2010-1975
2010-05-19 18:13:00
nvd
nvd
CVE-2010-3433
2010-10-06 17:00:16
CVE-2010-1170
2010-05-19 18:30:03
CVE-2010-1975
2010-05-19 18:30:03
ubuntucve
ubuntucve
CVE-2010-1170
2010-05-21 00:00:00
CVE-2010-3433
2010-10-05 00:00:00
CVE-2010-1975
2010-05-18 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.006

Percentile

78.2%

JSON
Related for USN-942-1
debian5nessus31openvas44oraclelinux4centos4redhat4fedora8securityvulns2osv4seebug2threatpost1veracode3prion4postgresql3cve4cvelist4nvd4ubuntucve4gentoo1