Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1319

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1319
Last Modified 07 Mar 2011 10:06:42
Published 13 Mar 2008 10:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1319

Summary

Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.

Vulnerable Systems

Application

  • Versant Object Database 7.0.1

  • Versant Object Database 7.0.1.3


References

XF - objectdatabase-versantd-cmd-execution(40997)

VUPEN - ADV-2008-0764

BID - 28097

BUGTRAQ - 20080304 Arbitrary commands execution in Versant Object Database 7.0.1.3

MILW0RM - 5213

SREASON - 3738

SECUNIA - 29230

MISC - http://aluigi.altervista.org/adv/versantcmd-adv.txt


Last Updated: 27 May 2016 10:47:06