CVSS2: 6 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.04 Low (Percentile: 92.1%)

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
marc.info/?l=bugtraq&m=134124585221119&w=2
secunia.com/advisories/42325
www.debian.org/security/2010/dsa-2120
www.mandriva.com/security/advisories?name=MDVSA-2010:197
www.postgresql.org/about/news.1244
www.postgresql.org/docs/9.0/static/release-9-0-1.html
www.redhat.com/support/errata/RHSA-2010-0742.html
www.redhat.com/support/errata/RHSA-2010-0908.html
www.securityfocus.com/bid/43747
www.ubuntu.com/usn/USN-1002-1
www.ubuntu.com/usn/USN-1002-2
www.vupen.com/english/advisories/2010/3051
bugzilla.redhat.com/show_bug.cgi?id=639371
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291