Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-4261
Status: Candidate
Description: Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
Severity: High
CVSS score: 7.5
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Phase: Assigned (22.12.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4261
References: BUGTRAQ : 20091217 [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors
 CONFIRM : http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=l...
 CONFIRM : http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=l...
 CONFIRM : http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=N...
 CONFIRM : http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95...
 CONFIRM : http://groups.google.com/group/ganeti/browse_threa...
 MISC : http://www.ocert.org/advisories/ocert-2009-019.html
 MLIST : [oss-security] 20091217 [oCERT-2009-019] Ganeti path sanitization errors
 SECUNIA : 37849
 VUPEN : ADV-2009-3599
SecurityVulns: Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


