Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2009-3102
Last Modified: 21 Dec 2011 12:00:00
Published: 08 Sep 2009 02:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-3102

Summary

The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

Vulnerable Systems

Application

  • Zmanda ZRM for MySQL 2.1


References

XF - zrm-mysqlhotcopy-priv-escalation(52978)

XF - zrm-socketserver-command-execution(52977)

MISC - http://www.intevydis.com/blog/?p=51

MISC - http://twitter.com/elegerov/statuses/3547652507

MISC - http://twitter.com/elegerov/statuses/3518763099

SECUNIA - 36429

SECUNIA - 36424

MISC - http://forums.zmanda.com/showthread.php?p=8068


Last Updated: 27 May 2016 10:51:08