JVN/CVE Demo: Cveinfos

CVE

Id: 43754
CVE No.: CVE-2010-1170
Status: Candidate
Description: The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table"s ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Phase: Assigned (20100329)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
476497	43754	CVE-2010-1170	MLIST:[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request	View
476498	43754	CVE-2010-1170	URL:http://www.openwall.com/lists/oss-security/2010/05/20/5	View
476499	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/about/news.1203	View
476500	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-7-4-29.html	View
476501	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-8-0-25.html	View
476502	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-8-1-21.html	View
476503	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-8-2-17.html	View
476504	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-8-3-11.html	View
476505	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/docs/current/static/release-8-4-4.html	View
476506	43754	CVE-2010-1170	CONFIRM:http://www.postgresql.org/support/security	View
476507	43754	CVE-2010-1170	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=583072	View
476508	43754	CVE-2010-1170	DEBIAN:DSA-2051	View
476509	43754	CVE-2010-1170	URL:http://www.debian.org/security/2010/dsa-2051	View
476510	43754	CVE-2010-1170	FEDORA:FEDORA-2010-8696	View
476511	43754	CVE-2010-1170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html	View
476512	43754	CVE-2010-1170	FEDORA:FEDORA-2010-8715	View
476513	43754	CVE-2010-1170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html	View
476514	43754	CVE-2010-1170	FEDORA:FEDORA-2010-8723	View
476515	43754	CVE-2010-1170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html	View
476516	43754	CVE-2010-1170	HP:HPSBMU02781	View
476517	43754	CVE-2010-1170	URL:http://marc.info/?l=bugtraq&m=134124585221119&w=2	View
476518	43754	CVE-2010-1170	HP:SSRT100617	View
476519	43754	CVE-2010-1170	URL:http://marc.info/?l=bugtraq&m=134124585221119&w=2	View
476520	43754	CVE-2010-1170	MANDRIVA:MDVSA-2010:103	View
476521	43754	CVE-2010-1170	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:103	View
476522	43754	CVE-2010-1170	REDHAT:RHSA-2010:0427	View
476523	43754	CVE-2010-1170	URL:http://www.redhat.com/support/errata/RHSA-2010-0427.html	View
476524	43754	CVE-2010-1170	REDHAT:RHSA-2010:0428	View
476525	43754	CVE-2010-1170	URL:http://www.redhat.com/support/errata/RHSA-2010-0428.html	View
476526	43754	CVE-2010-1170	REDHAT:RHSA-2010:0429	View
476527	43754	CVE-2010-1170	URL:http://www.redhat.com/support/errata/RHSA-2010-0429.html	View
476528	43754	CVE-2010-1170	REDHAT:RHSA-2010:0430	View
476529	43754	CVE-2010-1170	URL:http://www.redhat.com/support/errata/RHSA-2010-0430.html	View
476530	43754	CVE-2010-1170	SUSE:SUSE-SR:2010:014	View
476531	43754	CVE-2010-1170	URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	View
476532	43754	CVE-2010-1170	BID:40215	View
476533	43754	CVE-2010-1170	URL:http://www.securityfocus.com/bid/40215	View
476534	43754	CVE-2010-1170	OSVDB:64757	View
476535	43754	CVE-2010-1170	URL:http://osvdb.org/64757	View
476536	43754	CVE-2010-1170	OVAL:oval:org.mitre.oval:def:10510	View
476537	43754	CVE-2010-1170	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10510	View
476538	43754	CVE-2010-1170	SECTRACK:1023987	View
476539	43754	CVE-2010-1170	URL:http://www.securitytracker.com/id?1023987	View
476540	43754	CVE-2010-1170	SECUNIA:39845	View
476541	43754	CVE-2010-1170	URL:http://secunia.com/advisories/39845	View
476542	43754	CVE-2010-1170	SECUNIA:39820	View
476543	43754	CVE-2010-1170	URL:http://secunia.com/advisories/39820	View
476544	43754	CVE-2010-1170	SECUNIA:39898	View
476545	43754	CVE-2010-1170	URL:http://secunia.com/advisories/39898	View
476546	43754	CVE-2010-1170	SECUNIA:39939	View
476547	43754	CVE-2010-1170	URL:http://secunia.com/advisories/39939	View
476548	43754	CVE-2010-1170	SECUNIA:39815	View
476549	43754	CVE-2010-1170	URL:http://secunia.com/advisories/39815	View
476550	43754	CVE-2010-1170	VUPEN:ADV-2010-1167	View
476551	43754	CVE-2010-1170	URL:http://www.vupen.com/english/advisories/2010/1167	View
476552	43754	CVE-2010-1170	VUPEN:ADV-2010-1207	View
476553	43754	CVE-2010-1170	URL:http://www.vupen.com/english/advisories/2010/1207	View
476554	43754	CVE-2010-1170	VUPEN:ADV-2010-1197	View
476555	43754	CVE-2010-1170	URL:http://www.vupen.com/english/advisories/2010/1197	View
476556	43754	CVE-2010-1170	VUPEN:ADV-2010-1198	View
476557	43754	CVE-2010-1170	URL:http://www.vupen.com/english/advisories/2010/1198	View
476558	43754	CVE-2010-1170	VUPEN:ADV-2010-1182	View
476559	43754	CVE-2010-1170	URL:http://www.vupen.com/english/advisories/2010/1182	View
476560	43754	CVE-2010-1170	VUPEN:ADV-2010-1221	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
38161	JVNDB-2010-003946	Cisco TFTP Server におけるサービス運用妨害 (DoS) の脆弱性	Cisco TFTP Serverサービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。	CVE-2010-1174	43754	5		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003946.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	2.86 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.98
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	491.44
Event: Controller.beforeRender	5.31
» Processing toolbar data	5.21
Rendering View	20.49
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	19.42
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.61
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/43754
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/43754
Remote Port	8393
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.173
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.25.50
Http Via	1.1 squid-proxy-5b5d847c96-mtcd4 (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.173
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.173
Unique Id	aMUkmUqDqY7tKL1cdWC6jAAAAk0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.173
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.173
Redirect Unique Id	aMUkmUqDqY7tKL1cdWC6jAAAAk0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.173
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.173
Redirect Redirect Unique Id	aMUkmUqDqY7tKL1cdWC6jAAAAk0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1757750425.2255
Request Time	1757750425

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files