|
|
>> Versant Object Database "versantd" Remote Code Execution Vulnerability
|
Title : Versant Object Database "versantd" Remote Code Execution Vulnerability
VUPEN ID : VUPEN/ADV-2008-0764
CVE ID : CVE-2008-1319
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-03-05
|
A vulnerability has been identified in Versant Object Database, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an input validation error in the "versantd" service when processing user-supplied data sent to port 5019/TCP, which could be exploited by remote attackers to inject and execute arbitrary commands with the privileges of the application.
Affected Products
Versant Object Database version 7.0.1.3 and prior
Solution
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2008/0764
http://aluigi.altervista.org/adv/versantcmd-adv.txt
Credits
Vulnerability reported by Luigi Auriemma.
ChangeLog
2008-03-05 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
