CVE-2009-2936: Input Validation
First published: Mon Apr 05 2010(Updated: )
** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Varnish Cache | =1.0.1 | |
| Varnish Cache | =1.1.2 | |
| Varnish Cache | =2.0.5 | |
| Varnish Cache | =2.0.2 | |
| Varnish Cache | =1.0.3 | |
| Varnish Cache | =1.0.4 | |
| Varnish Cache | =2.0.1 | |
| Varnish Cache | =2.0 | |
| Varnish Cache | =2.0-rc1 | |
| Varnish Cache | =0.9.1 | |
| Varnish Cache | =1.0 | |
| Varnish Cache | =2.0.6 | |
| Varnish Cache | =2.0-beta2 | |
| Varnish Cache | =2.0-beta1 | |
| Varnish Cache | =0.9 | |
| Varnish Cache | =2.0.3 | |
| Varnish Cache | =1.0.2 | |
| Varnish Cache | =1.1.1 | |
| Varnish Cache | =1.1 | |
| Varnish Cache | =2.0.4 | |
| =0.9 | ||
| =0.9.1 | ||
| =1.0 | ||
| =1.0.1 | ||
| =1.0.2 | ||
| =1.0.3 | ||
| =1.0.4 | ||
| =1.1 | ||
| =1.1.1 | ||
| =1.1.2 | ||
| =2.0 | ||
| =2.0-beta1 | ||
| =2.0-beta2 | ||
| =2.0-rc1 | ||
| =2.0.1 | ||
| =2.0.2 | ||
| =2.0.3 | ||
| =2.0.4 | ||
| =2.0.5 | ||
| =2.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2936?
CVE-2009-2936 is considered a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary commands without authentication.
How do I fix CVE-2009-2936?
To fix CVE-2009-2936, you should upgrade to Varnish version 2.1.0 or later, where the vulnerability has been addressed.
What versions of Varnish are affected by CVE-2009-2936?
CVE-2009-2936 affects Varnish versions 1.0.1, 1.1.2, 2.0.5, and earlier versions.
What types of attacks can exploit CVE-2009-2936?
CVE-2009-2936 can allow an attacker to execute arbitrary code, leading to potential server compromise.
Is there a way to mitigate CVE-2009-2936 without upgrading?
Mitigation options are limited, but restricting access to the CLI interface through firewall rules can reduce exposure until an upgrade can be performed.
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- collector/nvd-api
- source/NVD
- vendor/varnish.projects.linpro
- canonical/varnish cache
- version/varnish cache/1.0.1
- version/varnish cache/1.1.2
- version/varnish cache/2.0.5
- version/varnish cache/2.0.2
- version/varnish cache/1.0.3
- version/varnish cache/1.0.4
- version/varnish cache/2.0.1
- version/varnish cache/2.0
- version/varnish cache/2.0-rc1
- version/varnish cache/0.9.1
- version/varnish cache/1.0
- version/varnish cache/2.0.6
- version/varnish cache/2.0-beta2
- version/varnish cache/2.0-beta1
- version/varnish cache/0.9
- version/varnish cache/2.0.3
- version/varnish cache/1.0.2
- version/varnish cache/1.1.1
- version/varnish cache/1.1
- version/varnish cache/2.0.4
- status/disputed