CVE-2010-3433

Common Vulnerabilities and Exposures

Upstream information

CVE-2010-3433 at MITRE

Description

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 643771, 648140

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.1
  • postgresql-debuginfo >= 8.3.12-0.1.2
  • postgresql-debugsource >= 8.3.12-0.1.2
openSUSE 11.1
  • postgresql >= 8.3.12-0.1.2
  • postgresql-contrib >= 8.3.12-0.1.2
  • postgresql-devel >= 8.3.12-0.1.2
  • postgresql-docs >= 8.3.12-0.1.2
  • postgresql-libs >= 8.3.12-0.1.2
  • postgresql-libs-32bit >= 8.3.12-0.1.2
  • postgresql-libs-64bit >= 8.3.12-0.1.2
  • postgresql-plperl >= 8.3.12-0.1.2
  • postgresql-plpython >= 8.3.12-0.1.2
  • postgresql-pltcl >= 8.3.12-0.1.2
  • postgresql-server >= 8.3.12-0.1.2
openSUSE 11.2
  • postgresql-contrib-debuginfo >= 8.4.5-0.2.1
  • postgresql-debuginfo >= 8.4.5-0.2.1
  • postgresql-debugsource >= 8.4.5-0.2.1
  • postgresql-devel-debuginfo >= 8.4.5-0.2.1
  • postgresql-libs-debuginfo >= 8.4.5-0.2.1
  • postgresql-libs-debuginfo-32bit >= 8.4.5-0.2.1
  • postgresql-server-debuginfo >= 8.4.5-0.2.1
openSUSE 11.2
  • postgresql >= 8.4.5-0.2.1
  • postgresql-contrib >= 8.4.5-0.2.1
  • postgresql-devel >= 8.4.5-0.2.1
  • postgresql-docs >= 8.4.5-0.2.1
  • postgresql-libs >= 8.4.5-0.2.1
  • postgresql-libs-32bit >= 8.4.5-0.2.1
  • postgresql-plperl >= 8.4.5-0.2.1
  • postgresql-plpython >= 8.4.5-0.2.1
  • postgresql-pltcl >= 8.4.5-0.2.1
  • postgresql-server >= 8.4.5-0.2.1
openSUSE 11.3
  • postgresql-contrib-debuginfo >= 8.4.5-0.3.1
  • postgresql-debuginfo >= 8.4.5-0.3.1
  • postgresql-debugsource >= 8.4.5-0.3.1
  • postgresql-devel-debuginfo >= 8.4.5-0.3.1
  • postgresql-libs-debuginfo >= 8.4.5-0.3.1
  • postgresql-libs-debuginfo-32bit >= 8.4.5-0.3.1
  • postgresql-server-debuginfo >= 8.4.5-0.3.1
openSUSE 11.3
  • postgresql >= 8.4.5-0.3.1
  • postgresql-contrib >= 8.4.5-0.3.1
  • postgresql-devel >= 8.4.5-0.3.1
  • postgresql-docs >= 8.4.5-0.3.1
  • postgresql-libs >= 8.4.5-0.3.1
  • postgresql-libs-32bit >= 8.4.5-0.3.1
  • postgresql-plperl >= 8.4.5-0.3.1
  • postgresql-plpython >= 8.4.5-0.3.1
  • postgresql-pltcl >= 8.4.5-0.3.1
  • postgresql-server >= 8.4.5-0.3.1
SUSE Linux Enterprise Desktop 10 SP3 for x86
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  • postgresql-libs-32bit >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise SDK 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Server for SAP 10 SP3
  • postgresql >= 8.1.22-0.4.1
  • postgresql-contrib >= 8.1.22-0.4.1
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-docs >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  • postgresql-libs-32bit >= 8.1.22-0.4.1
  • postgresql-pl >= 8.1.22-0.4.1
  • postgresql-server >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise SDK 10 SP3
  • postgresql >= 8.1.22-0.4.1
  • postgresql-contrib >= 8.1.22-0.4.1
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-docs >= 8.1.22-0.4.1
  • postgresql-pl >= 8.1.22-0.4.1
  • postgresql-server >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise Server 10 SP3
  • postgresql >= 8.1.22-0.4.1
  • postgresql-contrib >= 8.1.22-0.4.1
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-docs >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  • postgresql-pl >= 8.1.22-0.4.1
  • postgresql-server >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise Server 10 SP3
  • postgresql >= 8.1.22-0.4.1
  • postgresql-contrib >= 8.1.22-0.4.1
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-docs >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  • postgresql-libs-x86 >= 8.1.22-0.4.1
  • postgresql-pl >= 8.1.22-0.4.1
  • postgresql-server >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186
SUSE Linux Enterprise Server 10 SP3
  • postgresql >= 8.1.22-0.4.1
  • postgresql-contrib >= 8.1.22-0.4.1
  • postgresql-devel >= 8.1.22-0.4.1
  • postgresql-docs >= 8.1.22-0.4.1
  • postgresql-libs >= 8.1.22-0.4.1
  • postgresql-libs-64bit >= 8.1.22-0.4.1
  • postgresql-pl >= 8.1.22-0.4.1
  • postgresql-server >= 8.1.22-0.4.1
  References: sles10-sp3.ppc, sles10-sp3.x86, sle10-sp3-sdk.ppc, sles10-sp3.ia64, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sles10-sp3.s390x, sles10-sp3.x86-64, sle10-sp3-sdk.x86, sled10-sp3.x86, sled10-sp3.x86-64; ZYPP Patch Nr: 7186

© 2014 Novell