PT-2010-3128 · Perl+2
Published: 2010-05-19 · Updated: 2017-09-19 · CVE-2010-1447
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 7.4 through 7.4.28
PostgreSQL versions 8.0 through 8.0.24
PostgreSQL versions 8.1 through 8.1.20
PostgreSQL versions 8.2 through 8.2.16
PostgreSQL versions 8.3 through 8.3.10
PostgreSQL versions 8.4 through 8.4.3
PostgreSQL version 9.0 Beta through 9.0 Beta 1
Description
The issue concerns the Safe module for Perl (Safe.pm) as used in PostgreSQL. PL/perl procedures are not properly restricted, which allows remote attackers to execute arbitrary Perl code through a manipulated script. The Safe module allows context-dependent attackers to bypass access restrictions and inject code via vectors involving subroutine references and delayed execution.
Recommendations
For PostgreSQL versions 7.4 through 7.4.28, update to version 7.4.29 or later.
For PostgreSQL versions 8.0 through 8.0.24, update to version 8.0.25 or later.
For PostgreSQL versions 8.1 through 8.1.20, update to version 8.1.21 or later.
For PostgreSQL versions 8.2 through 8.2.16, update to version 8.2.17 or later.
For PostgreSQL versions 8.3 through 8.3.10, update to version 8.3.11 or later.
For PostgreSQL versions 8.4 through 8.4.3, update to version 8.4.4 or later.
For PostgreSQL version 9.0 Beta through 9.0 Beta 1, update to version 9.0 Beta 2 or later.
Affected Products
Perl
PostgreSQL
Red Hat