Summary: | <net-zope/zodb-3.8.2 remote code execution & authentication bypass (CVE-2009-{0668,0669}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | net-zope+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 | ||
Whiteboard: | [B/C?]1 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2009-08-08 21:44:19 UTC
CVE-2009-0669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0669): Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. *** This bug has been marked as a duplicate of bug 278824 *** |