CVE-2009-0668: Code Injection
First published: Fri Aug 07 2009(Updated: )
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/ZODB3 | <3.8.2 | 3.8.2 |
| Zope ZODB | <=3.8.1 | |
| Zope ZODB | =2.8.11 | |
| Zope ZODB | =2.9.11 | |
| Zope ZODB | =2.10.9 | |
| Zope ZODB | =2.11.4 | |
| Zope ZODB | =3.1 | |
| Zope ZODB | =3.1.1 | |
| Zope ZODB | =3.2 | |
| Zope ZODB | =3.2.4 | |
| Zope ZODB | =3.3 | |
| Zope ZODB | =3.3.3 | |
| Zope ZODB | =3.4 | |
| Zope ZODB | =3.4.1 | |
| Zope ZODB | =3.5 | |
| Zope ZODB | =3.6 | |
| Zope ZODB | =3.7 | |
| Zope ZODB | =3.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://secunia.com/advisories/36204
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- http://secunia.com/advisories/36205
- http://osvdb.org/56827
- http://www.vupen.com/english/advisories/2009/2217
- http://www.securityfocus.com/bid/35987
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- https://github.com/advisories/GHSA-4x83-5gw5-q346 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-8.yaml
Frequently Asked Questions
What is the severity of CVE-2009-0668?
CVE-2009-0668 has a high severity rating due to its potential to allow remote attackers to execute arbitrary Python code.
How do I fix CVE-2009-0668?
To fix CVE-2009-0668, upgrade to ZODB version 3.8.2 or later.
What versions are affected by CVE-2009-0668?
CVE-2009-0668 affects ZODB versions prior to 3.8.2, including versions 2.8.11 to 3.8.1.
What does CVE-2009-0668 exploit?
CVE-2009-0668 exploits a vulnerability in the ZEO network protocol when certain database sharing is enabled.
Is there a workaround for CVE-2009-0668?
A recommended workaround for CVE-2009-0668 is to disable database sharing in ZEO until the software is upgraded.
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/description
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4x83-5gw5-q346
- alias/CVE-2009-0668
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/pip
- vendor/zope
- canonical/zope zodb
- version/zope zodb/3.8.1
- version/zope zodb/2.8.11
- version/zope zodb/2.9.11
- version/zope zodb/2.10.9
- version/zope zodb/2.11.4
- version/zope zodb/3.1
- version/zope zodb/3.1.1
- version/zope zodb/3.2
- version/zope zodb/3.2.4
- version/zope zodb/3.3
- version/zope zodb/3.3.3
- version/zope zodb/3.4
- version/zope zodb/3.4.1
- version/zope zodb/3.5
- version/zope zodb/3.6
- version/zope zodb/3.7
- version/zope zodb/3.8.0