Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2009-1525
Last Modified: 08 May 2009 12:00:00
Published: 05 May 2009 04:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2009-1525

Summary

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Vulnerable Systems

Application

  • Jbmc-software Directadmin 0.95

  • Jbmc-software Directadmin 1

  • Jbmc-software Directadmin 1.01

  • Jbmc-software Directadmin 1.02

  • Jbmc-software Directadmin 1.03

  • Jbmc-software Directadmin 1.04

  • Jbmc-software Directadmin 1.05

  • Jbmc-software Directadmin 1.06

  • Jbmc-software Directadmin 1.07

  • Jbmc-software Directadmin 1.08

  • Jbmc-software Directadmin 1.081

  • Jbmc-software Directadmin 1.09

  • Jbmc-software Directadmin 1.1

  • Jbmc-software Directadmin 1.11

  • Jbmc-software Directadmin 1.111

  • Jbmc-software Directadmin 1.12

  • Jbmc-software Directadmin 1.121

  • Jbmc-software Directadmin 1.13

  • Jbmc-software Directadmin 1.14

  • Jbmc-software Directadmin 1.15

  • Jbmc-software Directadmin 1.151

  • Jbmc-software Directadmin 1.152

  • Jbmc-software Directadmin 1.16

  • Jbmc-software Directadmin 1.161

  • Jbmc-software Directadmin 1.17

  • Jbmc-software Directadmin 1.171

  • Jbmc-software Directadmin 1.172

  • Jbmc-software Directadmin 1.173

  • Jbmc-software Directadmin 1.174

  • Jbmc-software Directadmin 1.1741

  • Jbmc-software Directadmin 1.18

  • Jbmc-software Directadmin 1.181

  • Jbmc-software Directadmin 1.19

  • Jbmc-software Directadmin 1.192

  • Jbmc-software Directadmin 1.193

  • Jbmc-software Directadmin 1.1941

  • Jbmc-software Directadmin 1.195

  • Jbmc-software Directadmin 1.196

  • Jbmc-software Directadmin 1.2

  • Jbmc-software Directadmin 1.201

  • Jbmc-software Directadmin 1.202

  • Jbmc-software Directadmin 1.203

  • Jbmc-software Directadmin 1.204

  • Jbmc-software Directadmin 1.205

  • Jbmc-software Directadmin 1.206

  • Jbmc-software Directadmin 1.207

  • Jbmc-software Directadmin 1.21

  • Jbmc-software Directadmin 1.211

  • Jbmc-software Directadmin 1.212

  • Jbmc-software Directadmin 1.213

  • Jbmc-software Directadmin 1.22

  • Jbmc-software Directadmin 1.221

  • Jbmc-software Directadmin 1.222

  • Jbmc-software Directadmin 1.223

  • Jbmc-software Directadmin 1.224

  • Jbmc-software Directadmin 1.225

  • Jbmc-software Directadmin 1.226

  • Jbmc-software Directadmin 1.23

  • Jbmc-software Directadmin 1.231

  • Jbmc-software Directadmin 1.232

  • Jbmc-software Directadmin 1.233

  • Jbmc-software Directadmin 1.234

  • Jbmc-software Directadmin 1.235

  • Jbmc-software Directadmin 1.24

  • Jbmc-software Directadmin 1.241

  • Jbmc-software Directadmin 1.242

  • Jbmc-software Directadmin 1.243

  • Jbmc-software Directadmin 1.244

  • Jbmc-software Directadmin 1.25

  • Jbmc-software Directadmin 1.251

  • Jbmc-software Directadmin 1.252

  • Jbmc-software Directadmin 1.253

  • Jbmc-software Directadmin 1.254

  • Jbmc-software Directadmin 1.255

  • Jbmc-software Directadmin 1.26

  • Jbmc-software Directadmin 1.261

  • Jbmc-software Directadmin 1.262

  • Jbmc-software Directadmin 1.263

  • Jbmc-software Directadmin 1.264

  • Jbmc-software Directadmin 1.265

  • Jbmc-software Directadmin 1.266

  • Jbmc-software Directadmin 1.27

  • Jbmc-software Directadmin 1.273

  • Jbmc-software Directadmin 1.274

  • Jbmc-software Directadmin 1.275

  • Jbmc-software Directadmin 1.28

  • Jbmc-software Directadmin 1.281

  • Jbmc-software Directadmin 1.282

  • Jbmc-software Directadmin 1.285

  • Jbmc-software Directadmin 1.286

  • Jbmc-software Directadmin 1.29

  • Jbmc-software Directadmin 1.291

  • Jbmc-software Directadmin 1.292

  • Jbmc-software Directadmin 1.293

  • Jbmc-software Directadmin 1.294

  • Jbmc-software Directadmin 1.295

  • Jbmc-software Directadmin 1.296

  • Jbmc-software Directadmin 1.297

  • Jbmc-software Directadmin 1.3

  • Jbmc-software Directadmin 1.301

  • Jbmc-software Directadmin 1.302

  • Jbmc-software Directadmin 1.31

  • Jbmc-software Directadmin 1.311

  • Jbmc-software Directadmin 1.312

  • Jbmc-software Directadmin 1.313

  • Jbmc-software Directadmin 1.314

  • Jbmc-software Directadmin 1.315

  • Jbmc-software Directadmin 1.32

  • Jbmc-software Directadmin 1.321

  • Jbmc-software Directadmin 1.322

  • Jbmc-software Directadmin 1.323

  • Jbmc-software Directadmin 1.33

  • Jbmc-software Directadmin 1.331

  • Jbmc-software Directadmin 1.332

  • Jbmc-software Directadmin 1.333


References

XF - directadmin-cmddb-command-execution(50167)

CONFIRM - http://www.directadmin.com/features.php?id=968

SECUNIA - 34861

OSVDB - 54015

FULLDISC - 20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation


Last Updated: 27 May 2016 10:50:34