Vulnerability Details : CVE-2010-3433
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Threat overview for CVE-2010-3433
Top countries where our scanners detected CVE-2010-3433
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2010-3433 29,356
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-3433!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-3433
Probability of exploitation activity in the next 30 days: 3.96%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3433
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2010-3433
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3433
-
http://www.ubuntu.com/usn/USN-1002-1
USN-1002-1: PostgreSQL vulnerability | Ubuntu security notices
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:197
mandriva.com
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html
[SECURITY] Fedora 12 Update: postgresql-8.4.5-1.fc12
-
https://bugzilla.redhat.com/show_bug.cgi?id=639371
639371 – (CVE-2010-3433) CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2010/3051
Webmail | OVH- OVH
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
-
http://marc.info/?l=bugtraq&m=134124585221119&w=2
'[security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux' - MARC
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019
-
http://www.debian.org/security/2010/dsa-2120
Debian -- Security Information -- DSA-2120-1 postgresql-8.3
-
http://www.ubuntu.com/usn/USN-1002-2
USN-1002-2: PostgreSQL vulnerability | Ubuntu security notices
-
http://www.postgresql.org/about/news.1244
PostgreSQL: Not FoundPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/43747
PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
-
http://www.redhat.com/support/errata/RHSA-2010-0742.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html
[SECURITY] Fedora 13 Update: postgresql-8.4.5-1.fc13
-
http://www.redhat.com/support/errata/RHSA-2010-0908.html
Support
-
http://www.postgresql.org/docs/9.0/static/release-9-0-1.html
PostgreSQL: Documentation: 9.0: Release 9.0.1
-
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:020
Products affected by CVE-2010-3433
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*