CVE-2009-0669

Name: CVE-2009-0669
Description: Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1863-1, DSA-2234-1
NVD severity: high (attack range: remote)
Debian Bugs: 540462, 540463, 540464, 540465
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| zodb (PTS) | squeeze | 1:3.9.4-1.1 | fixed |
| | wheezy | 1:3.9.7-2 | fixed |
| | jessie, sid | 1:3.9.7-5 | fixed |

The information above is based on the following data on fixed versions.

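| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zodb | source | (unstable) | 1:3.8.2-1 | high | | 540465 |
| zodb | source | lenny | 1:3.6.0-2+lenny3 | high | DSA-2234-1 | |
| zope2.10 | source | (unstable) | 2.10.9-1 | high | | 540464 |
| zope2.10 | source | lenny | 2.10.6-1+lenny1 | high | DSA-1863-1 | |
| zope2.11 | source | (unstable) | 2.11.4-1 | high | | 540463 |
| zope2.9 | source | (unstable) | (unfixed) | high | | |
| zope2.9 | source | etch | 2.9.6-4etch2 | high | DSA-1863-1 | |
| zope3 | source | (unstable) | (unfixed) | high | | 540462 |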
