Vulnerability Description
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
CVSS Score
8.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PostgreSQL | PostgreSQL | 7.4 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://osvdb.org/64756
- http://secunia.com/advisories/39845 (Vendor Advisory)
- http://secunia.com/advisories/40049
- http://secunia.com/advisories/40052
- http://security-tracker.debian.org/tracker/CVE-2010-1447
- http://www.debian.org/security/2011/dsa-2267
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
- http://www.openwall.com/lists/oss-security/2010/05/20/5
- http://www.postgresql.org/about/news.1203
- http://www.redhat.com/support/errata/RHSA-2010-0457.html
- http://www.redhat.com/support/errata/RHSA-2010-0458.html
- http://www.securityfocus.com/bid/40305
- http://www.securitytracker.com/id?1023988
FAQ
What is CVE-2010-1447?
CVE-2010-1447 is a vulnerability with a CVSS score of 8.5 (HIGH). The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 bef...
How severe is CVE-2010-1447?
CVE-2010-1447 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-1447?
Check the references section above for vendor advisories and patch information. Affected products include: PostgreSQL.