Vulnerability DatabaseCVE-2010-1169
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-1169
May 19, 2010
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Related ResourcesĀ (40)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://www.vupen.com/english/advisories/2010/1198
http://www.debian.org/security/2010/dsa-2051
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
http://secunia.com/advisories/39939
http://www.securitytracker.com/id?1023988
http://www.postgresql.org/support/security
https://bugzilla.redhat.com/show_bug.cgi?id=582615
http://secunia.com/advisories/39898
http://www.vupen.com/english/advisories/2010/1221
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1169
http://www.postgresql.org/docs/current/static/release-8-1-21.html
http://www.vupen.com/english/advisories/2010/1197
http://secunia.com/advisories/39815
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
http://www.postgresql.org/about/news.1203
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
http://www.postgresql.org/docs/current/static/release-8-0-25.html
https://bugzilla.redhat.com/show_bug.cgi?id=588269
http://www.postgresql.org/docs/current/static/release-7-4-29.html
https://access.redhat.com/security/cve/CVE-2010-1169
http://www.postgresql.org/docs/current/static/release-8-4-4.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://marc.info/?l=bugtraq&m=134124585221119&w=2
http://secunia.com/advisories/39845
http://www.postgresql.org/docs/current/static/release-8-3-11.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://osvdb.org/64755
http://www.vupen.com/english/advisories/2010/1182
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.vupen.com/english/advisories/2010/1207
http://www.securityfocus.com/bid/40215
http://www.vupen.com/english/advisories/2010/1167
http://www.redhat.com/support/errata/RHSA-2010-0430.html
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://www.postgresql.org/docs/current/static/release-8-2-17.html
http://secunia.com/advisories/39820
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
8.5
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Control of Generation of Code ('Code Injection')
CWE-94
EPSS
Base Score:
0.95