Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 300188 (CVE-2009-4261) - <app-emulation/ganeti-{1.2.9,2.0.5,2.1.0_rc2} Arbitrary Command Execution/Privilege Escalation (CVE-2009-4261)
Summary: <app-emulation/ganeti-{1.2.9,2.0.5,2.1.0_rc2} Arbitrary Command Execution/Pri...
Status: RESOLVED FIXED
Alias: CVE-2009-4261
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://groups.google.com/group/ganeti...
Whiteboard: ~1 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-08 17:14 UTC by Alex Legler (RETIRED)
Modified: 2011-01-10 12:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-01-08 17:14:35 UTC
CVE-2009-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4261):
  Multiple directory traversal vulnerabilities in the iallocator
  framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and
  2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute
  arbitrary programs via a crafted external script name supplied
  through the HTTP remote API (RAPI) and allow (2) local users to
  execute arbitrary programs and gain privileges via a crafted external
  script name supplied through a gnt-* command, related to "path
  sanitization errors."
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 12:32:35 UTC
No vulnerable version is in the tree, closing noglsa per http://www.gentoo.org/security/en/vulnerability-policy.xml (GLSA: no for ~1 vulnerabilties).