CVE ID:	CVE-2010-1170
Description:	The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database- creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Test IDs:	1.3.6.1.4.1.25623.1.0.67471   1.3.6.1.4.1.25623.1.0.122357   1.3.6.1.4.1.25623.1.0.67404   1.3.6.1.4.1.25623.1.0.67465   1.3.6.1.4.1.25623.1.0.68348   1.3.6.1.4.1.25623.1.0.67468   1.3.6.1.4.1.25623.1.0.68356
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1170 1023987 http://www.securitytracker.com/id?1023987 39815 http://secunia.com/advisories/39815 39820 http://secunia.com/advisories/39820 39845 http://secunia.com/advisories/39845 39898 http://secunia.com/advisories/39898 39939 http://secunia.com/advisories/39939 40215 http://www.securityfocus.com/bid/40215 64757 http://osvdb.org/64757 ADV-2010-1167 http://www.vupen.com/english/advisories/2010/1167 ADV-2010-1182 http://www.vupen.com/english/advisories/2010/1182 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1198 http://www.vupen.com/english/advisories/2010/1198 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 FEDORA-2010-8696 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html FEDORA-2010-8715 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html FEDORA-2010-8723 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html RHSA-2010:0430 http://www.redhat.com/support/errata/RHSA-2010-0430.html SSRT100617 http://marc.info/?l=bugtraq&m=134124585221119&w=2 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/support/security http://www.postgresql.org/support/security https://bugzilla.redhat.com/show_bug.cgi?id=583072 https://bugzilla.redhat.com/show_bug.cgi?id=583072 oval:org.mitre.oval:def:10510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510