New Search

Vulnerability in PostgreSQL (CVE-2010-1170)

oval:org.cisecurity:def:8186

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29 8.0 before 8.0.25 8.1 before 8.1.21 8.2 before 8.2.17 8.3 before 8.3.11 8.4 before 8.4.4 and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions which allows remote authenticated users with database-creation privileges to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 8
  • Microsoft Windows 10
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2010-1170
Product(s):
  • PostgreSQL