CVE-2009-4261
Published Dec 21, 2009
Last updated a year ago
Overview
- Description
- Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1CEC654-E2AF-4B5F-ACC6-2B5497732793"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20EE732B-8EC3-4E9F-86D3-168F88BE8394"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63D4FF32-ABC1-4A11-AECC-5A005EF5827A"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D91AB57-5B59-496C-8E17-5EE14F469F98"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:1.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27C56B23-78B2-4DEC-A16D-3216FB46E945"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDD59DB8-26B2-4C4D-98E2-B43B38EF7D9C"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFC02855-CD39-4FC2-A311-1182E9804EF0"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6545F38-FE8A-4E2B-9CFE-BEA9BBEE6F5C"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8670969D-E5B8-44D3-A6C2-48C9CA1E8C8B"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F73EC5-F204-4B7D-8DB6-FE2634A889AC"
},
{
"criteria": "cpe:2.3:a:roman_marxer:ganeti:2.1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D1C5065-E07B-4F93-97D5-86BBDAE8FBD3"
}
],
"operator": "OR"
}
]
}
]