New User, Welcome!     Login

Object Database

Arbitrary commands execution in Versant Object Database 7.0.1.3

#######################################################################

                             Luigi Auriemma

Application:  Versant Object Database
              http://www.versant.com/en_US/products/objectdatabase
Versions:     <= 7.0.1.3
Platforms:    Windows, Solaris, HP-UX, AIX, Linux
Bug:          arbitrary commands execution
Exploitation: remote

[USN-848-1] Zope vulnerabilities

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Zope Object Database (ZODB) database server
(ZEO) improperly filtered certain commands when a database is shared among
multiple applications or application instances. A remote attacker could
send malicious commands to the server and execute arbitrary code.
(CVE-2009-0668)


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!