CVSS: 6.0EPSS: 0%CPEs: 110EXPL: 0CVE-2010-1170 – PostgreSQL: PL/Tcl Intended restriction bypass
https://notcve.org/view.php?id=CVE-2010-1170
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Vulnerabilidad en la implementación PL/Tcl en PostgreSQL v7.4 anterior a v7.4.29, v8.0 anterior a v8.0.25, v8.1 anterior a v8.1.21, v8.2 anterior a v8.2.17, v8.3 anterior a v8.3.11, v8.4 anterior a v8.4.4 y v9.0 Beta anterior a v9.0 Beta 2, carga código Tcl desde la tabla pltcl_modules sin importar el propietario y los permisos de la tabla, permite a usuarios autenticados remotamente, con privilegios "database-creation", ejecutar código Tcl de su elección mediante la creación de esta tabla e insertando código Tcl manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/64757 http://secunia.com/advisories/39815 http://secunia.com/advisories/39820 http://secunia.com/advisories/39845 ht • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 4%CPEs: 82EXPL: 1CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. Desbordamiento de entero en src/backend/executor/nodeHash.c en PostgreSQL v8.4.1 y anteriores, y v8.5 hasta v8.5alpha2, permite a usuarios autenticados provocar una denegación de servicio (caída de demonio) a través de la declaración SELECT con muchas claúsulas LEFT JOIN, relacionados con ciertos cálculos del tamaño de tabla hash. PostgreSQL versions 8.4.1 suffer from a JOIN hashtable size integer overflow denial of service vulnerability. • https://www.exploit-db.com/exploits/33729 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 95%CPEs: 6EXPL: 2CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." La función bitsubstr en backend/utils/adt/varbit.c en PostgreSQL v8.0.23, v8.1.11 y v8.3.8 permite a usuarios remotos autenticados causar una denegación de servicio (cuelgue del demonio) o tener otro impacto no especificado a través de vectores que implican un entero negativo en el tercer argumento, como lo demuestra una instrucción SELECT que contiene una llamada a la función substring de una cadena de bits, relacionado con un desbordamiento. • https://www.exploit-db.com/exploits/33571 http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html http • CWE-189: Numeric Errors •
CVSS: 5.8EPSS: 0%CPEs: 92EXPL: 0CVE-2009-4034
https://notcve.org/view.php?id=CVE-2009-4034
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. PostgreSQL v7.4.x anteriores a v7.4.27, v8.0.x anteriores a v8.0.23, v8.1.x anteriores a v8.1.19, v8.2.x anteriores a v8.2.15, v8.3.x anteriores a v8.3.9, y v8.4.x anteriores a v8.4.2 no maneja adecuadamente un caracter '/0' en el nombre de dominio en el campo "subject" del Nombre Común (CN) de un certificado X.509, lo que permite (1) a atacantes man-in-the-middle falsificar a conveniencia los servidores PostgreSQL basados en SSL a través de un certificado de servidor manipulado obtenido a través de una autoridad certificadora legitima, y (2)permite a atacantes remotos evitar las restricciones cliente-hostname a través de un certificado manipulado obtenido a través de una autoridad certificadora legitima, un asunto relacionado con CVE-2009-2408. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61038 http://secunia.com/advisories/37663 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/ • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 2%CPEs: 92EXPL: 0CVE-2009-4136 – postgresql: SQL privilege escalation via modifications to session-local state
https://notcve.org/view.php?id=CVE-2009-4136
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. PostgreSQL v7.4.x anteriores a v7.4.27, v8.0.x anteriores a v8.0.23, v8.1.x anteriores a v8.1.19, v8.2.x anteriores a v8.2.15, v8.3.x anteriores a v8.3.9, y v8.4.x anteriores a v8.4.2 no gestiona adecuadamente el estado de la sesión local durante la ejecución de una función de indexado por parte de un superusuario de base de datos, lo que permite a usuarios remotos autenticados conseguir ganar privilegios a través de una tabla con las funcione de indexado manipuladas, como se demuestra en las funciones (1) search_path o (2) una declaración, un asunto relacionado con CVE-2007-6600 y CVE-2009-3230. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61039 http://secunia.com/advisories/37663 http://secunia.com/advisories/39820 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http: •