Executive Summary

Information
Name: MDVSA-2010:197
First vendor Publication: 2010-10-06
Vendor: Mandriva
Last vendor Modification: 2010-10-06
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score: 6
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Medium
Cvss Exploit Score: 6.8
Authentication: Requires single instance

Detail

Multiple vulnerabilities were discovered and corrected in postgresql:

An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges (CVE-2010-3433).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides a solution to these vulnerabilities.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:197

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12311
 
Oval ID: oval:org.mitre.oval:def:12311
Title: DSA-2120-1 postgresql-8.3 -- privilege escalation
Description: Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-2120-1
CVE-2010-3433
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Definition Id: oval:org.mitre.oval:def:12988
 
Oval ID: oval:org.mitre.oval:def:12988
Title: USN-1002-2 -- postgresql-8.4 vulnerability
Description: USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-2
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 10.10
Product(s): postgresql-8.4
Definition Id: oval:org.mitre.oval:def:13340
 
Oval ID: oval:org.mitre.oval:def:13340
Title: USN-1002-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-1
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Id: oval:org.mitre.oval:def:21895
 
Oval ID: oval:org.mitre.oval:def:21895
Title: RHSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0908-01
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): postgresql
Definition Id: oval:org.mitre.oval:def:22220
 
Oval ID: oval:org.mitre.oval:def:22220
Title: RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0742-01
CESA-2010:0742
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
postgresql84
Definition Id: oval:org.mitre.oval:def:22819
 
Oval ID: oval:org.mitre.oval:def:22819
Title: ELSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0742-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql
postgresql84
Definition Id: oval:org.mitre.oval:def:23035
 
Oval ID: oval:org.mitre.oval:def:23035
Title: ELSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0908-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Id: oval:org.mitre.oval:def:7291
 
Oval ID: oval:org.mitre.oval:def:7291
Title: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3433
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PostgreSQL

CPE : Common Platform Enumeration

Type Description Count
Application 114

OpenVAS Exploits

Date Description
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos5_i386.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2010-12-02 Name : Fedora Update for postgresql FEDORA-2010-15852
File : nvt/gb_fedora_2010_15852_postgresql_fc14.nasl
2010-12-02 Name : Fedora Update for sepostgresql FEDORA-2010-15870
File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl
2010-11-23 Name : Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2
File : nvt/gb_ubuntu_USN_1002_2.nasl
2010-11-17 Name : Debian Security Advisory DSA 2120-1 (postgresql-8.3)
File : nvt/deb_2120_1.nasl
2010-11-04 Name : Fedora Update for sepostgresql FEDORA-2010-16004
File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15954
File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15960
File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl
2010-10-19 Name : CentOS Update for postgresql CESA-2010:0742 centos4 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos4_i386.nasl
2010-10-19 Name : RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01
File : nvt/gb_RHSA-2010_0742-01_postgresql_and_postgresql84.nasl
2010-10-19 Name : Mandriva Update for postgresql MDVSA-2010:197 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_197.nasl
2010-10-19 Name : Ubuntu Update for PostgreSQL vulnerability USN-1002-1
File : nvt/gb_ubuntu_USN_1002_1.nasl
2010-10-06 Name : PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
File : nvt/gb_postgresql_43747.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68436 PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut...

PostgreSQL contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the PL/perl and PL/Tcl implementations fail to properly prevent different SQL users from executing scripts in the same session, allowing a remote authenticated attacker to use crafted script code in a SECURITY DEFINER function to gain elevated privileges, allowing the execution of SQL code with the privileges of the initial user.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a privilege escalation vulnerability.
File : postgresql_20101005.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101123_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101006_postgresql_and_postgresql84_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0908.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-101012.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15960.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7186.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15954.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15852.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2120.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-1.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-2.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-197.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:41:46 Multiple Updates