Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 280822 (CVE-2009-0668) - <net-zope/zodb-3.8.2 remote code execution & authentication bypass (CVE-2009-{0668,0669})
Summary: <net-zope/zodb-3.8.2 remote code execution & authentication bypass (CVE-2009-...
Status: RESOLVED DUPLICATE of bug 278824
Alias: CVE-2009-0668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://pypi.python.org/pypi/ZODB3/3.8...
Whiteboard: [B/C?]1 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-08 21:44 UTC by Stefan Behte (RETIRED)
Modified: 2009-08-09 00:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-08-08 21:44:19 UTC
CVE-2009-0668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0668):
  Unspecified vulnerability in Zope Object Database (ZODB) before
  3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is
  enabled, allows remote attackers to execute arbitrary Python code via
  vectors involving the ZEO network protocol.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-08-08 22:00:12 UTC
CVE-2009-0669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0669):
  Zope Object Database (ZODB) before 3.8.2, when certain Zope
  Enterprise Objects (ZEO) database sharing is enabled, allows remote
  attackers to bypass authentication via vectors involving the ZEO
  network protocol.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-08-09 00:26:05 UTC

*** This bug has been marked as a duplicate of bug 278824 ***