cvelistv5 - cve-2009-0668

CVE-2009-0668 (GCVE-0-2009-0668)

Vulnerability from cvelistv5 – Published: 2009-08-07 19:00 – Updated: 2024-08-07 04:40

Summary

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/2217	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/36204	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new…	x_refsource_CONFIRM
	http://secunia.com/advisories/36205	third-party-advisoryx_refsource_SECUNIA
	http://mail.zope.org/pipermail/zope-announce/2009…	mailing-listx_refsource_MLIST
	http://osvdb.org/56827	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/35987	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2217"
          },
          {
            "name": "36204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36204"
          },
          {
            "name": "zope-protocol-code-execution(52377)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
          },
          {
            "name": "36205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36205"
          },
          {
            "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
          },
          {
            "name": "56827",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56827"
          },
          {
            "name": "35987",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35987"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2217"
        },
        {
          "name": "36204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36204"
        },
        {
          "name": "zope-protocol-code-execution(52377)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
        },
        {
          "name": "36205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36205"
        },
        {
          "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
        },
        {
          "name": "56827",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56827"
        },
        {
          "name": "35987",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35987"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2217",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2217"
            },
            {
              "name": "36204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36204"
            },
            {
              "name": "zope-protocol-code-execution(52377)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
            },
            {
              "name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2",
              "refsource": "CONFIRM",
              "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
            },
            {
              "name": "36205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36205"
            },
            {
              "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
            },
            {
              "name": "56827",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56827"
            },
            {
              "name": "35987",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35987"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0668",
    "datePublished": "2009-08-07T19:00:00",
    "dateReserved": "2009-02-22T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.1\", \"matchCriteriaId\": \"F9A7E1A6-8B87-43C2-A202-7383687A20B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC8B7904-4F44-4641-9275-D995ADDA0ADA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70191DA-A946-495D-A2CA-5DA5735B116F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FB7982D-2F76-4237-8BBB-A4E5ADE1D497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A461879-EF34-4817-8EBB-1FE7A73E03C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BF6448E-3BD4-4A3D-9D58-C39928F4FB93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0CB7404-734F-4838-AAEE-A5D5E987EBA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02371BD4-F40F-4AA7-9214-E9FFCA80138C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B59CB22D-604D-4D9D-B7A4-E42026C7F3FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C35B0E78-B0E7-41F2-B776-B7B4AE937350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6EF771A-6AE9-4006-A273-5B04B3EAADDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C38116E1-459C-45A7-A995-20C8ABDCCF65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8568BD1E-839A-4C78-840D-47807D207C6F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos ejecutar c\\u00f3digo Python arbitrario a trav\\u00e9s de vectores relaccionados con el protocolo de red ZEO.\"}]",
      "id": "CVE-2009-0668",
      "lastModified": "2024-11-21T01:00:39.127",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2009-08-07T19:30:00.203",
      "references": "[{\"url\": \"http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/56827\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36204\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36205\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/35987\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2217\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52377\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/56827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/35987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2217\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0668\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-07T19:30:00.203\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores relaccionados con el protocolo de red ZEO.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.1\",\"matchCriteriaId\":\"F9A7E1A6-8B87-43C2-A202-7383687A20B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC8B7904-4F44-4641-9275-D995ADDA0ADA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70191DA-A946-495D-A2CA-5DA5735B116F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB7982D-2F76-4237-8BBB-A4E5ADE1D497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A461879-EF34-4817-8EBB-1FE7A73E03C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BF6448E-3BD4-4A3D-9D58-C39928F4FB93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CB7404-734F-4838-AAEE-A5D5E987EBA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02371BD4-F40F-4AA7-9214-E9FFCA80138C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B59CB22D-604D-4D9D-B7A4-E42026C7F3FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35B0E78-B0E7-41F2-B776-B7B4AE937350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EF771A-6AE9-4006-A273-5B04B3EAADDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C38116E1-459C-45A7-A995-20C8ABDCCF65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8568BD1E-839A-4C78-840D-47807D207C6F\"}]}]}],\"references\":[{\"url\":\"http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/56827\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36204\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36205\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35987\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2217\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52377\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/56827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2009-0668

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0668

Aliases

CVE-2009-0668

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0668",
    "description": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.",
    "id": "GSD-2009-0668",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0668.html",
      "https://www.debian.org/security/2011/dsa-2234",
      "https://www.debian.org/security/2009/dsa-1863"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0668"
      ],
      "details": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.",
      "id": "GSD-2009-0668",
      "modified": "2023-12-13T01:19:44.872223Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0668",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-2217",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2217"
          },
          {
            "name": "36204",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36204"
          },
          {
            "name": "zope-protocol-code-execution(52377)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
          },
          {
            "name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2",
            "refsource": "CONFIRM",
            "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
          },
          {
            "name": "36205",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36205"
          },
          {
            "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
            "refsource": "MLIST",
            "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
          },
          {
            "name": "56827",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/56827"
          },
          {
            "name": "35987",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35987"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0668"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
            },
            {
              "name": "36204",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36204"
            },
            {
              "name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
            },
            {
              "name": "36205",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36205"
            },
            {
              "name": "56827",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/56827"
            },
            {
              "name": "ADV-2009-2217",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/2217"
            },
            {
              "name": "35987",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35987"
            },
            {
              "name": "zope-protocol-code-execution(52377)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:29Z",
      "publishedDate": "2009-08-07T19:30Z"
    }
  }
}

FKIE_CVE-2009-0668

Vulnerability from fkie_nvd - Published: 2009-08-07 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
cve@mitre.org	http://osvdb.org/56827
cve@mitre.org	http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
cve@mitre.org	http://secunia.com/advisories/36204	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36205	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/35987
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2217
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
af854a3a-2127-422b-91ae-364da2661108	http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/56827
af854a3a-2127-422b-91ae-364da2661108	http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36204	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35987
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2217
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52377

Impacted products

Vendor	Product	Version
zope	zodb	*
zope	zodb	2.8.11
zope	zodb	2.9.11
zope	zodb	2.10.9
zope	zodb	2.11.4
zope	zodb	3.1
zope	zodb	3.1.1
zope	zodb	3.2
zope	zodb	3.2.4
zope	zodb	3.3
zope	zodb	3.3.3
zope	zodb	3.4
zope	zodb	3.4.1
zope	zodb	3.5
zope	zodb	3.6
zope	zodb	3.7
zope	zodb	3.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A7E1A6-8B87-43C2-A202-7383687A20B5",
              "versionEndIncluding": "3.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC8B7904-4F44-4641-9275-D995ADDA0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70191DA-A946-495D-A2CA-5DA5735B116F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB7982D-2F76-4237-8BBB-A4E5ADE1D497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A461879-EF34-4817-8EBB-1FE7A73E03C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF6448E-3BD4-4A3D-9D58-C39928F4FB93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0CB7404-734F-4838-AAEE-A5D5E987EBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02371BD4-F40F-4AA7-9214-E9FFCA80138C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59CB22D-604D-4D9D-B7A4-E42026C7F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35B0E78-B0E7-41F2-B776-B7B4AE937350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EF771A-6AE9-4006-A273-5B04B3EAADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38116E1-459C-45A7-A995-20C8ABDCCF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8568BD1E-839A-4C78-840D-47807D207C6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores relaccionados con el protocolo de red ZEO."
    }
  ],
  "id": "CVE-2009-0668",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-07T19:30:00.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/56827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36204"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35987"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2217"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/56827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-319

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans Zope Object Database (ZODB) permettent à une personne malintentionnée de contourner la politique de sécurité et d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans Zope Object Database (ZODB) :

une exécution de code arbitraire Python est possible dans les serveurs de stockage ZODB ZEO (CVE-2009-0668) ;
un contournement du système d'authentification est possible dans les serveurs de stockage ZODB ZEO (CVE-2009-0669).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Zope 3.x.
	N/A	N/A	Zope 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Zope 002220 du 06 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zope 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Zope 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zope Object Database (ZODB)\n:\n\n-   une ex\u00e9cution de code arbitraire Python est possible dans les\n    serveurs de stockage ZODB ZEO (CVE-2009-0668) ;\n-   un contournement du syst\u00e8me d\u0027authentification est possible dans les\n    serveurs de stockage ZODB ZEO (CVE-2009-0669).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0669"
    },
    {
      "name": "CVE-2009-0668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0668"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-319",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans Zope Object Database (\u003cspan\nclass=\"textit\"\u003eZODB\u003c/span\u003e) permettent \u00e0 une personne malintentionn\u00e9e de\ncontourner la politique de s\u00e9curit\u00e9 et d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Zope",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zope 002220 du 06 ao\u00fbt 2009",
      "url": "http://mail.zope.org/pipermail/zope-annouce/2009-August/002220.html"
    }
  ]
}

CERTA-2009-AVI-319

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans Zope Object Database (ZODB) permettent à une personne malintentionnée de contourner la politique de sécurité et d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans Zope Object Database (ZODB) :

une exécution de code arbitraire Python est possible dans les serveurs de stockage ZODB ZEO (CVE-2009-0668) ;
un contournement du système d'authentification est possible dans les serveurs de stockage ZODB ZEO (CVE-2009-0669).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Zope 3.x.
	N/A	N/A	Zope 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Zope 002220 du 06 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zope 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Zope 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zope Object Database (ZODB)\n:\n\n-   une ex\u00e9cution de code arbitraire Python est possible dans les\n    serveurs de stockage ZODB ZEO (CVE-2009-0668) ;\n-   un contournement du syst\u00e8me d\u0027authentification est possible dans les\n    serveurs de stockage ZODB ZEO (CVE-2009-0669).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0669"
    },
    {
      "name": "CVE-2009-0668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0668"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-319",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans Zope Object Database (\u003cspan\nclass=\"textit\"\u003eZODB\u003c/span\u003e) permettent \u00e0 une personne malintentionn\u00e9e de\ncontourner la politique de s\u00e9curit\u00e9 et d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Zope",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zope 002220 du 06 ao\u00fbt 2009",
      "url": "http://mail.zope.org/pipermail/zope-annouce/2009-August/002220.html"
    }
  ]
}

PYSEC-2009-8

Vulnerability from pysec - Published: 2009-08-07 19:30 - Updated: 2021-07-16 01:31

Details

Impacted products

Name	purl
zodb3	pkg:pypi/zodb3

Aliases

CVE-2009-0668

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "zodb3",
        "purl": "pkg:pypi/zodb3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.1.5",
        "3.2.10",
        "3.3.1",
        "3.4.2",
        "3.5.0",
        "3.5.1",
        "3.6.0",
        "3.7.0",
        "3.7.2",
        "3.8.0",
        "3.8.0a1",
        "3.8.0b1",
        "3.8.0b2",
        "3.8.0b3",
        "3.8.0b4",
        "3.8.0c1",
        "3.8.1",
        "3.8.1b1",
        "3.8.1b2",
        "3.8.1b3",
        "3.8.1b4",
        "3.8.1b5",
        "3.8.1b6",
        "3.8.1b7",
        "3.8.1b8",
        "3.8.1b9"
      ]
    }
  ],
  "aliases": [
    "CVE-2009-0668"
  ],
  "details": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.",
  "id": "PYSEC-2009-8",
  "modified": "2021-07-16T01:31:36.649414Z",
  "published": "2009-08-07T19:30:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/36204"
    },
    {
      "type": "WEB",
      "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/36205"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/56827"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2009/2217"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35987"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
    }
  ]
}

GHSA-4X83-5GW5-Q346

Vulnerability from github – Published: 2022-05-02 03:17 – Updated: 2024-11-19 18:32

Summary

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ZODB3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2009-0668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-29T11:42:27Z",
    "nvd_published_at": "2009-08-07T19:30:00Z",
    "severity": "CRITICAL"
  },
  "details": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.",
  "id": "GHSA-4x83-5gw5-q346",
  "modified": "2024-11-19T18:32:44Z",
  "published": "2022-05-02T03:17:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0668"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-8.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zopefoundation/ZODB3"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987"
    },
    {
      "type": "WEB",
      "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
    },
    {
      "type": "WEB",
      "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0668 (GCVE-0-2009-0668)

GSD-2009-0668

FKIE_CVE-2009-0668

CERTA-2009-AVI-319

Description

Solution

CERTA-2009-AVI-319

Description

Solution

PYSEC-2009-8

GHSA-4X83-5GW5-Q346

Tags

Sightings

Nomenclature