
CVE-2010-3433

Date: (C)2010-10-06   (M)2023-12-22


The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-42325
BID-43747
ADV-2010-3051
DSA-2120
FEDORA-2010-15954
FEDORA-2010-15960
MDVSA-2010:197
RHSA-2010:0742
RHSA-2010:0908
SSRT100617
SUSE-SR:2010:019
SUSE-SR:2010:020
USN-1002-1
USN-1002-2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/about/news.1244
http://www.postgresql.org/docs/9.0/static/release-9-0-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=639371
oval:org.mitre.oval:def:7291

CPE    114
cpe:/a:postgresql:postgresql:7.4.10
cpe:/a:postgresql:postgresql:7.4.9
cpe:/a:postgresql:postgresql:7.4.11
cpe:/a:postgresql:postgresql:7.4.8
...
CWE    1
CWE-264
OVAL    18
oval:org.secpod.oval:def:201713
oval:org.secpod.oval:def:200047
oval:org.secpod.oval:def:201897
oval:org.secpod.oval:def:700100
...

© SecPod Technologies