NVD

Id
51403  
Name
CVE-2009-4261  
Description
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-12-21  
Modified Date
2009-12-22  
Seq
2009-4261  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
260681 51403 CVE-2009-4261 http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/constants.py;h=81302575487a44ed192e61aa7b21888a215ef215;hp=c353878ed83ce66d21c237da5e709dedd7b6f26b;hb=0084657a21afb49c6f74498f27b97dfdbc42b383;hpb=d24cb69273e4b03ffcd4e4768d95841b5570e264  View
260682 51403 CVE-2009-4261 http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/utils.py;h=bcd8e107bbc44ff94a4bc3dc405b5547719f001d;hp=df2d18027e83b7783e146cbbe58f7efa92317980;hb=f95c81bf21c177f7e6a2c53ea0613034326329bd;hpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283  View
260683 51403 CVE-2009-4261 http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=NEWS;h=34b46426eca82c351e0a478c71edb66b9bb4b228;hp=7f916c59238503915e927377d887b93eef1f676c;hb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f;hpb=f95c81bf21c177f7e6a2c53ea0613034326329bd  View
260684 51403 CVE-2009-4261 http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95c81bf21c177f7e6a2c53ea0613034326329bd  View
260685 51403 CVE-2009-4261 http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2  View
260686 51403 CVE-2009-4261 http://www.ocert.org/advisories/ocert-2009-019.html  View
260687 51403 CVE-2009-4261 [oss-security] 20091217 [oCERT-2009-019] Ganeti path sanitization errors  View
260688 51403 CVE-2009-4261 20091217 [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors  View
260689 51403 CVE-2009-4261 ADV-2009-3599  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
45520 JVNDB-2009-006527 Ganeti の iallocator フレームワークにおけるディレクトリトラバーサルの脆弱性 Ganeti の iallocator フレームワークには、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2009-4261 41692 CVE-2009-4261 51403 7.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006527.html 2009-12-21 2012-12-20 View