CVE-2010-3433

Published: 06/10/2010 Updated: 19/09/2017
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 536
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 prior to 7.4.30, 8.0 prior to 8.0.26, 8.1 prior to 8.1.22, 8.2 prior to 8.2.18, 8.3 prior to 8.3.12, 8.4 prior to 8.4.5, and 9.0 prior to 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

Vulnerable Product

postgresql postgresql 7.4.5

postgresql postgresql 7.4.4

postgresql postgresql 7.4.28

postgresql postgresql 7.4.18

postgresql postgresql 7.4.23

postgresql postgresql 7.4.12

postgresql postgresql 7.4.17

postgresql postgresql 7.4.21

postgresql postgresql 7.4.24

postgresql postgresql 7.4.9

postgresql postgresql 7.4.10

postgresql postgresql 7.4.22

postgresql postgresql 7.4.14

postgresql postgresql 7.4.19

postgresql postgresql 7.4.15

postgresql postgresql 7.4.7

postgresql postgresql 7.4.6

postgresql postgresql 7.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.25

postgresql postgresql 7.4.13

postgresql postgresql 7.4.26

postgresql postgresql 7.4.3

postgresql postgresql 7.4.2

postgresql postgresql 7.4.29

postgresql postgresql 7.4.8

postgresql postgresql 7.4.27

postgresql postgresql 7.4.11

postgresql postgresql 7.4.16

postgresql postgresql 7.4.20

postgresql postgresql 8.0.14

postgresql postgresql 8.0.1

postgresql postgresql 8.0.17

postgresql postgresql 8.0.18

postgresql postgresql 8.0.5

postgresql postgresql 8.0.6

postgresql postgresql 8.0.11

postgresql postgresql 8.0.20

postgresql postgresql 8.0.13

postgresql postgresql 8.0.4

postgresql postgresql 8.0.25

postgresql postgresql 8.0.21

postgresql postgresql 8.0.24

postgresql postgresql 8.0.23

postgresql postgresql 8.0.2

postgresql postgresql 8.0.19

postgresql postgresql 8.0.12

postgresql postgresql 8.0.15

postgresql postgresql 8.0.22

postgresql postgresql 8.0.9

postgresql postgresql 8.0

postgresql postgresql 8.0.10

postgresql postgresql 8.0.3

postgresql postgresql 8.0.16

postgresql postgresql 8.0.7

postgresql postgresql 8.0.8

postgresql postgresql 8.1.2

postgresql postgresql 8.1.3

postgresql postgresql 8.1.10

postgresql postgresql 8.1.11

postgresql postgresql 8.1.12

postgresql postgresql 8.1.19

postgresql postgresql 8.1.20

postgresql postgresql 8.1.6

postgresql postgresql 8.1.7

postgresql postgresql 8.1.15

postgresql postgresql 8.1.16

postgresql postgresql 8.1.4

postgresql postgresql 8.1.5

postgresql postgresql 8.1.13

postgresql postgresql 8.1.14

postgresql postgresql 8.1.21

postgresql postgresql 8.1

postgresql postgresql 8.1.1

postgresql postgresql 8.1.8

postgresql postgresql 8.1.9

postgresql postgresql 8.1.17

postgresql postgresql 8.1.18

postgresql postgresql 8.2.15

postgresql postgresql 8.2

postgresql postgresql 8.2.12

postgresql postgresql 8.2.5

postgresql postgresql 8.2.2

postgresql postgresql 8.2.7

postgresql postgresql 8.2.14

postgresql postgresql 8.2.1

postgresql postgresql 8.2.3

postgresql postgresql 8.2.10

postgresql postgresql 8.2.17

postgresql postgresql 8.2.8

postgresql postgresql 8.2.13

postgresql postgresql 8.2.4

postgresql postgresql 8.2.16

postgresql postgresql 8.2.6

postgresql postgresql 8.2.11

postgresql postgresql 8.2.9

postgresql postgresql 8.3.1

postgresql postgresql 8.3.4

postgresql postgresql 8.3.5

postgresql postgresql 8.3.2

postgresql postgresql 8.3.9

postgresql postgresql 8.3.7

postgresql postgresql 8.3.11

postgresql postgresql 8.3.8

postgresql postgresql 8.3.6

postgresql postgresql 8.3.10

postgresql postgresql 8.3.3

postgresql postgresql 8.3

postgresql postgresql 8.4.1

postgresql postgresql 8.4.2

postgresql postgresql 8.4

postgresql postgresql 8.4.3

postgresql postgresql 8.4.4

postgresql postgresql 9.0

Vendor Advisories

Synopsis: Moderate: postgresql and postgresql84 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated postgresql and postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having mod ...
It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation ...
USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10 ...