CVE-2010-1170

CVE Details

Release Date:	2010-05-19
Impact:	Moderate	What is this?

Description

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

See more information about CVE-2010-1170 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	6.0
Vector String:	AV:N/AC:M/Au:S/C:P/I:P/A:P
Version:	2.0
Attack Vector:	Network
Attack Complexity:	Medium
Authentication:	Single
Confidentiality Impact:	Partial
Integrity Impact:	Partial
Availability Impact:	Partial

Errata information

Platform	Errata	Release Date
Oracle Enterprise Linux version 4 (postgresql)	ELSA-2010-0428	2010-05-19
Oracle Linux version 5 (postgresql)	ELSA-2010-0429	2010-05-19
Oracle Linux version 5 (postgresql84)	ELSA-2010-0430	2010-05-19