Strix
26.1K

CVE-2010-1170

UnknownEPSS 2.91%

Last modified

CVE-2010-1170 is a vulnerability of currently unknown severity. The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.. EPSS estimates a 2.91% chance of exploitation in the next 30 days.

Description

The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.

Metrics

EPSS Probability
2.91%

85.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
PostgresqlPostgresql7.4
PostgresqlPostgresql7.4.1
PostgresqlPostgresql7.4.2
PostgresqlPostgresql7.4.3
PostgresqlPostgresql7.4.4
PostgresqlPostgresql7.4.5
PostgresqlPostgresql7.4.6
PostgresqlPostgresql7.4.7
PostgresqlPostgresql7.4.8
PostgresqlPostgresql7.4.9
PostgresqlPostgresql7.4.10
PostgresqlPostgresql7.4.11
PostgresqlPostgresql7.4.12
PostgresqlPostgresql7.4.13
PostgresqlPostgresql7.4.14
PostgresqlPostgresql7.4.15
PostgresqlPostgresql7.4.16
PostgresqlPostgresql7.4.17
PostgresqlPostgresql7.4.18
PostgresqlPostgresql7.4.19
PostgresqlPostgresql7.4.20
PostgresqlPostgresql7.4.21
PostgresqlPostgresql7.4.22
PostgresqlPostgresql7.4.23
PostgresqlPostgresql7.4.24
PostgresqlPostgresql7.4.25
PostgresqlPostgresql7.4.26
PostgresqlPostgresql7.4.27
PostgresqlPostgresql7.4.28
PostgresqlPostgresql8.0
PostgresqlPostgresql8.0.0
PostgresqlPostgresql8.0.1
PostgresqlPostgresql8.0.2
PostgresqlPostgresql8.0.3
PostgresqlPostgresql8.0.4
PostgresqlPostgresql8.0.5
PostgresqlPostgresql8.0.6
PostgresqlPostgresql8.0.7
PostgresqlPostgresql8.0.8
PostgresqlPostgresql8.0.9
PostgresqlPostgresql8.0.10
PostgresqlPostgresql8.0.11
PostgresqlPostgresql8.0.12
PostgresqlPostgresql8.0.13
PostgresqlPostgresql8.0.14
PostgresqlPostgresql8.0.15
PostgresqlPostgresql8.0.16
PostgresqlPostgresql8.0.17
PostgresqlPostgresql8.0.18
PostgresqlPostgresql8.0.19

Showing 50 of 110 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-1170?
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
How severe is CVE-2010-1170?
Severity scoring for CVE-2010-1170 is pending analysis. The EPSS model estimates a 2.91% probability of exploitation in the next 30 days.
How do I fix CVE-2010-1170?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-1170?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST