Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24198

HistoryApr 10, 2020 - 12:48 a.m.

Remote Code Execution (RCE)

2020-04-1000:48:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

PostgreSQL is vulnerable to remote code execution (RCE). Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl, if the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server.

CPENameOperatorVersion
postgresqleq8.1.9__1.el5
postgresqleq8.1.18__2.el5_4.1
postgresqleq7.4.19__1.el4_6.1
postgresqleq8.1.11__1.el5_1.1
postgresqleq7.4.26__1.el4_8.1
postgresqleq8.1.8__1.el5
postgresql84eq8.4.2__5.el5
postgresqleq8.1.9__1.el5
postgresqleq8.1.18__2.el5_4.1
postgresqleq7.4.19__1.el4_6.1

Rows per page:

1-10 of 141

References

lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html

lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html

lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

marc.info/?l=bugtraq&m=134124585221119&w=2

osvdb.org/64757

secunia.com/advisories/39815

secunia.com/advisories/39820

secunia.com/advisories/39845

secunia.com/advisories/39898

secunia.com/advisories/39939

www.debian.org/security/2010/dsa-2051

www.mandriva.com/security/advisories?name=MDVSA-2010:103

www.openwall.com/lists/oss-security/2010/05/20/5

www.postgresql.org/about/news.1203

www.postgresql.org/docs/current/static/release-7-4-29.html

www.postgresql.org/docs/current/static/release-8-0-25.html

www.postgresql.org/docs/current/static/release-8-1-21.html

www.postgresql.org/docs/current/static/release-8-2-17.html

www.postgresql.org/docs/current/static/release-8-3-11.html

www.postgresql.org/docs/current/static/release-8-4-4.html

www.postgresql.org/support/security

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2010-0427.html

www.redhat.com/support/errata/RHSA-2010-0428.html

www.redhat.com/support/errata/RHSA-2010-0429.html

www.redhat.com/support/errata/RHSA-2010-0430.html

www.securityfocus.com/bid/40215

www.securitytracker.com/id?1023987

www.vupen.com/english/advisories/2010/1167

www.vupen.com/english/advisories/2010/1182

www.vupen.com/english/advisories/2010/1197

www.vupen.com/english/advisories/2010/1198

www.vupen.com/english/advisories/2010/1207

www.vupen.com/english/advisories/2010/1221

access.redhat.com/errata/RHSA-2010:0428

bugzilla.redhat.com/show_bug.cgi?id=583072

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

Related for VERACODE:24198

cvelist1 ubuntucve2 cve2 prion2 postgresql1 openvas43 securityvulns2 nessus31 fedora8 seebug1 debian5 ubuntu1 oraclelinux4 threatpost1 redhat4 centos4 osv1 gentoo1