CVE-2009-3102

Sažetak

The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

Reference

http://forums.zmanda.com/showthread.php?p=8068
http://secunia.com/advisories/36424
http://secunia.com/advisories/36429
http://twitter.com/elegerov/statuses/3518763099
http://twitter.com/elegerov/statuses/3547652507
http://www.intevydis.com/blog/?p=51
https://exchange.xforce.ibmcloud.com/vulnerabilities/52977
https://exchange.xforce.ibmcloud.com/vulnerabilities/52978

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

08-09-2009 - 18:30