Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0908
The remote host is missing updates announced in
advisory RHSA-2010:0908.

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which
can be used when creating a new PostgreSQL function, specifies that the
function will be executed with the privileges of the user that created it.

It was discovered that a user could utilize the features of the PL/Perl and
PL/Tcl languages to modify the behavior of a SECURITY DEFINER function
created by a different user. If the PL/Perl or PL/Tcl language was used to
implement a SECURITY DEFINER function, an authenticated database user could
use a PL/Perl or PL/Tcl script to modify the behavior of that function
during subsequent calls in the same session. This would result in the
modified or injected code also being executed with the privileges of the
user who created the SECURITY DEFINER function, possibly leading to
privilege escalation. (CVE-2010-3433)

These updated postgresql packages upgrade PostgreSQL to version 8.4.5.
Refer to the PostgreSQL Release Notes for a list of changes:

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3433
BugTraq ID: 43747
Debian Security Information: DSA-2120 (Google Search)
HPdes Security Advisory: HPSBMU02781
HPdes Security Advisory: SSRT100617
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
SuSE Security Announcement: SUSE-SR:2010:020 (Google Search)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.