PT-2010-2881 · Postgresql+2
Tim Bunce · Published 2010-05-19 · Updated 2024-06-15 · CVE-2010-1169
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 7.4 through 7.4.28
PostgreSQL versions 8.0 through 8.0.24
PostgreSQL versions 8.1 through 8.1.20
PostgreSQL versions 8.2 through 8.2.16
PostgreSQL versions 8.3 through 8.3.10
PostgreSQL versions 8.4 through 8.4.3
PostgreSQL version 9.0 Beta before 9.0 Beta 2
Description
The issue is an improper restriction of PL/Perl procedures that allows remote authenticated users with database-creation privileges to execute arbitrary Perl code via a crafted script. It is related to the Safe module (aka Safe.pm) for Perl. An authenticated user can run arbitrary Perl code on the database server if PL/Perl is installed and enabled.
Recommendations
For PostgreSQL versions 7.4 through 7.4.28, update to version 7.4.29 or later.
For PostgreSQL versions 8.0 through 8.0.24, update to version 8.0.25 or later.
For PostgreSQL versions 8.1 through 8.1.20, update to version 8.1.21 or later.
For PostgreSQL versions 8.2 through 8.2.16, update to version 8.2.17 or later.
For PostgreSQL versions 8.3 through 8.3.10, update to version 8.3.11 or later.
For PostgreSQL versions 8.4 through 8.4.3, update to version 8.4.4 or later.
For PostgreSQL version 9.0 Beta before 9.0 Beta 2, update to version 9.0 Beta 2 or later.
Fix
Code Injection
Affected Products
Perl
PostgreSQL
Red Hat