CVE-2009-4261

2009-12-2116:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-4261

directory traversal

iallocator framework

ganeti

remote api

rapi

local users

path sanitization errors

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.8%

JSON

Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to “path sanitization errors.”

CPENameOperatorVersion
roman_marxer:ganetiroman marxer ganetieq2.0.3
roman_marxer:ganetiroman marxer ganetieq1.2.6
roman_marxer:ganetiroman marxer ganetieq1.2.7
roman_marxer:ganetiroman marxer ganetieq2.0.0
roman_marxer:ganetiroman marxer ganetieq1.2.4
roman_marxer:ganetiroman marxer ganetieq2.0.1
roman_marxer:ganetiroman marxer ganetieq1.2.5
roman_marxer:ganetiroman marxer ganetieq2.0.2
roman_marxer:ganetiroman marxer ganetieq1.2.8
roman_marxer:ganetiroman marxer ganetieq2.1.0

CPE	Name	Operator	Version
roman_marxer:ganeti	roman marxer ganeti	eq	2.0.3
roman_marxer:ganeti	roman marxer ganeti	eq	1.2.6
roman_marxer:ganeti	roman marxer ganeti	eq	1.2.7
roman_marxer:ganeti	roman marxer ganeti	eq	2.0.0
roman_marxer:ganeti	roman marxer ganeti	eq	1.2.4
roman_marxer:ganeti	roman marxer ganeti	eq	2.0.1
roman_marxer:ganeti	roman marxer ganeti	eq	1.2.5
roman_marxer:ganeti	roman marxer ganeti	eq	2.0.2
roman_marxer:ganeti	roman marxer ganeti	eq	1.2.8
roman_marxer:ganeti	roman marxer ganeti	eq	2.1.0

References

git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/constants.py%3Bh=81302575487a44ed192e61aa7b21888a215ef215%3Bhp=c353878ed83ce66d21c237da5e709dedd7b6f26b%3Bhb=0084657a21afb49c6f74498f27b97dfdbc42b383%3Bhpb=d24cb69273e4b03ffcd4e4768d95841b5570e264

git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/utils.py%3Bh=bcd8e107bbc44ff94a4bc3dc405b5547719f001d%3Bhp=df2d18027e83b7783e146cbbe58f7efa92317980%3Bhb=f95c81bf21c177f7e6a2c53ea0613034326329bd%3Bhpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283

git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=NEWS%3Bh=34b46426eca82c351e0a478c71edb66b9bb4b228%3Bhp=7f916c59238503915e927377d887b93eef1f676c%3Bhb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f%3Bhpb=f95c81bf21c177f7e6a2c53ea0613034326329bd

git.ganeti.org/?p=ganeti.git%3Ba=commit%3Bh=f95c81bf21c177f7e6a2c53ea0613034326329bd

groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2

secunia.com/advisories/37849

www.ocert.org/advisories/ocert-2009-019.html

www.openwall.com/lists/oss-security/2009/12/17/5

www.securityfocus.com/archive/1/508535/100/0/threaded

www.vupen.com/english/advisories/2009/3599