CVE-2010-1169

Published: 19/05/2010 Updated: 19/09/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 758
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

PostgreSQL 7.4 prior to 7.4.29, 8.0 prior to 8.0.25, 8.1 prior to 8.1.21, 8.2 prior to 8.2.17, 8.3 prior to 8.3.11, 8.4 prior to 8.4.4, and 9.0 Beta prior to 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.

Vulnerable Product

postgresql postgresql 7.4.5

postgresql postgresql 7.4.4

postgresql postgresql 7.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.14

postgresql postgresql 7.4.15

postgresql postgresql 7.4.28

postgresql postgresql 7.4.27

postgresql postgresql 7.4.3

postgresql postgresql 7.4.2

postgresql postgresql 7.4.8

postgresql postgresql 7.4.18

postgresql postgresql 7.4.25

postgresql postgresql 7.4.13

postgresql postgresql 7.4.21

postgresql postgresql 7.4.26

postgresql postgresql 7.4.7

postgresql postgresql 7.4.24

postgresql postgresql 7.4.10

postgresql postgresql 7.4.22

postgresql postgresql 7.4.19

postgresql postgresql 7.4.16

postgresql postgresql 7.4.6

postgresql postgresql 7.4.9

postgresql postgresql 7.4.11

postgresql postgresql 7.4.23

postgresql postgresql 7.4.12

postgresql postgresql 7.4.20

postgresql postgresql 7.4.17

postgresql postgresql 8.0.1

postgresql postgresql 8.0.14

postgresql postgresql 8.0.18

postgresql postgresql 8.0.19

postgresql postgresql 8.0.6

postgresql postgresql 8.0.22

postgresql postgresql 8.0

postgresql postgresql 8.0.10

postgresql postgresql 8.0.16

postgresql postgresql 8.0.17

postgresql postgresql 8.0.8

postgresql postgresql 8.0.5

postgresql postgresql 8.0.11

postgresql postgresql 8.0.2

postgresql postgresql 8.0.23

postgresql postgresql 8.0.13

postgresql postgresql 8.0.12

postgresql postgresql 8.0.15

postgresql postgresql 8.0.9

postgresql postgresql 8.0.24

postgresql postgresql 8.0.20

postgresql postgresql 8.0.0

postgresql postgresql 8.0.4

postgresql postgresql 8.0.3

postgresql postgresql 8.0.21

postgresql postgresql 8.0.7

postgresql postgresql 8.1.2

postgresql postgresql 8.1.5

postgresql postgresql 8.1.4

postgresql postgresql 8.1.18

postgresql postgresql 8.1.15

postgresql postgresql 8.1.7

postgresql postgresql 8.1.8

postgresql postgresql 8.1.6

postgresql postgresql 8.1.3

postgresql postgresql 8.1.0

postgresql postgresql 8.1.17

postgresql postgresql 8.1.11

postgresql postgresql 8.1.16

postgresql postgresql 8.1

postgresql postgresql 8.1.19

postgresql postgresql 8.1.14

postgresql postgresql 8.1.12

postgresql postgresql 8.1.9

postgresql postgresql 8.1.1

postgresql postgresql 8.1.20

postgresql postgresql 8.1.10

postgresql postgresql 8.1.13

postgresql postgresql 8.2.5

postgresql postgresql 8.2.9

postgresql postgresql 8.2.14

postgresql postgresql 8.2

postgresql postgresql 8.2.7

postgresql postgresql 8.2.6

postgresql postgresql 8.2.11

postgresql postgresql 8.2.16

postgresql postgresql 8.2.15

postgresql postgresql 8.2.12

postgresql postgresql 8.2.8

postgresql postgresql 8.2.13

postgresql postgresql 8.2.1

postgresql postgresql 8.2.3

postgresql postgresql 8.2.2

postgresql postgresql 8.2.10

postgresql postgresql 8.2.4

postgresql postgresql 8.3.1

postgresql postgresql 8.3.4

postgresql postgresql 8.3.5

postgresql postgresql 8.3.2

postgresql postgresql 8.3.8

postgresql postgresql 8.3.3

postgresql postgresql 8.3

postgresql postgresql 8.3.7

postgresql postgresql 8.3.6

postgresql postgresql 8.3.10

postgresql postgresql 8.3.9

postgresql postgresql 8.4

postgresql postgresql 8.4.2

postgresql postgresql 8.4.1

postgresql postgresql 8.4.3

postgresql postgresql 9.0.0

Vendor Advisories

Debian Bug report logs - #582978
perl: safe.pm code injection vulnerability
Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl
Reported by: Michael Gilbert <michaelsgilbert@gmail.com>
Date: Tue, 25 May 2010 04:39:02 UTC
Severity: serious
Tags: secu ...

If PostgreSQL was configured to use Perl and/or Tcl stored procedures a remote authenticated attacker could run programs as the database user ...

References

CWE-94
http://www.securityfocus.com/bid/40215
http://www.postgresql.org/docs/current/static/release-8-4-4.html
http://www.postgresql.org/docs/current/static/release-8-3-11.html
https://bugzilla.redhat.com/show_bug.cgi?id=582615
http://www.postgresql.org/support/security
http://www.postgresql.org/docs/current/static/release-8-0-25.html
http://secunia.com/advisories/39845
http://www.postgresql.org/docs/current/static/release-8-2-17.html
http://www.postgresql.org/docs/current/static/release-7-4-29.html
http://www.vupen.com/english/advisories/2010/1167
http://www.postgresql.org/docs/current/static/release-8-1-21.html
http://www.postgresql.org/about/news.1203
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0430.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.securitytracker.com/id?1023988
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://www.vupen.com/english/advisories/2010/1207
http://secunia.com/advisories/39898
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1198
http://www.vupen.com/english/advisories/2010/1197
http://www.debian.org/security/2010/dsa-2051
http://secunia.com/advisories/39939
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
http://www.vupen.com/english/advisories/2010/1221
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
http://secunia.com/advisories/39815
http://www.vupen.com/english/advisories/2010/1182
http://www.openwall.com/lists/oss-security/2010/05/20/5
https://bugzilla.redhat.com/show_bug.cgi?id=588269
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://osvdb.org/64755
http://marc.info/?l=bugtraq&m=134124585221119&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582978
https://usn.ubuntu.com/942-1/
https://nvd.nist.gov