CVE-2009-0668

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
http://osvdb.org/56827
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
http://secunia.com/advisories/36204	Vendor Advisory
http://secunia.com/advisories/36205	Vendor Advisory
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/52377

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zope:zodb::::::::
	cpe:2.3:a:zope:zodb:2.8.11:::::::*
	cpe:2.3:a:zope:zodb:2.9.11:::::::*
	cpe:2.3:a:zope:zodb:2.10.9:::::::*
	cpe:2.3:a:zope:zodb:2.11.4:::::::*
	cpe:2.3:a:zope:zodb:3.1:::::::*
	cpe:2.3:a:zope:zodb:3.1.1:::::::*
	cpe:2.3:a:zope:zodb:3.2:::::::*
	cpe:2.3:a:zope:zodb:3.2.4:::::::*
	cpe:2.3:a:zope:zodb:3.3:::::::*
	cpe:2.3:a:zope:zodb:3.3.3:::::::*
	cpe:2.3:a:zope:zodb:3.4:::::::*
	cpe:2.3:a:zope:zodb:3.4.1:::::::*
	cpe:2.3:a:zope:zodb:3.5:::::::*
	cpe:2.3:a:zope:zodb:3.6:::::::*
	cpe:2.3:a:zope:zodb:3.7:::::::*
	cpe:2.3:a:zope:zodb:3.8.0:::::::*

History

No history.

Information

Published : 2009-08-07 19:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0668

Mitre link : CVE-2009-0668

CVE.ORG link : CVE-2009-0668

JSON object : View

Products Affected

zope

zodb

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

{"id": "CVE-2009-0668", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-08-07T19:30:00.203", "references": [{"url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/56827", "source": "cve@mitre.org"}, {"url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36204", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36205", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35987", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2217", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores relaccionados con el protocolo de red ZEO."}], "lastModified": "2017-08-17T01:29:58.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A7E1A6-8B87-43C2-A202-7383687A20B5", "versionEndIncluding": "3.8.1"}, {"criteria": "cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC8B7904-4F44-4641-9275-D995ADDA0ADA"}, {"criteria": "cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70191DA-A946-495D-A2CA-5DA5735B116F"}, {"criteria": "cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB7982D-2F76-4237-8BBB-A4E5ADE1D497"}, {"criteria": "cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A461879-EF34-4817-8EBB-1FE7A73E03C9"}, {"criteria": "cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BF6448E-3BD4-4A3D-9D58-C39928F4FB93"}, {"criteria": "cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0CB7404-734F-4838-AAEE-A5D5E987EBA8"}, {"criteria": "cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B"}, {"criteria": "cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99"}, {"criteria": "cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4"}, {"criteria": "cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02371BD4-F40F-4AA7-9214-E9FFCA80138C"}, {"criteria": "cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B59CB22D-604D-4D9D-B7A4-E42026C7F3FA"}, {"criteria": "cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C35B0E78-B0E7-41F2-B776-B7B4AE937350"}, {"criteria": "cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB"}, {"criteria": "cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EF771A-6AE9-4006-A273-5B04B3EAADDD"}, {"criteria": "cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38116E1-459C-45A7-A995-20C8ABDCCF65"}, {"criteria": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8568BD1E-839A-4C78-840D-47807D207C6F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}