CVE-2009-2936 - Vulnerability Details

Vendors	Products
Varnish.projects.linpro	Varnish

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html
http://www.securityfocus.com/archive/1/510360/100/0/threaded
http://www.securityfocus.com/archive/1/510368/100/0/threaded
http://www.varnish-cache.org/changeset/3865
http://www.varnish-cache.org/wiki/CLI

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100329 Medium security hole in Varnish reverse proxy", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.varnish-cache.org/wiki/CLI"}, {"tags": ["x_refsource_MISC"], "url": "http://www.varnish-cache.org/changeset/3865"}, {"name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"}, {"name": "FEDORA-2010-6719", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2936", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100329 Medium security hole in Varnish reverse proxy", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"}, {"name": "http://www.varnish-cache.org/wiki/CLI", "refsource": "MISC", "url": "http://www.varnish-cache.org/wiki/CLI"}, {"name": "http://www.varnish-cache.org/changeset/3865", "refsource": "MISC", "url": "http://www.varnish-cache.org/changeset/3865"}, {"name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"}, {"name": "FEDORA-2010-6719", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.424Z"}, "title": "CVE Program Container", "references": [{"name": "20100329 Medium security hole in Varnish reverse proxy", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.varnish-cache.org/wiki/CLI"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.varnish-cache.org/changeset/3865"}, {"name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"}, {"name": "FEDORA-2010-6719", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2936", "datePublished": "2010-04-05T16:00:00", "dateReserved": "2009-08-23T00:00:00", "dateUpdated": "2024-08-07T06:07:37.424Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "84D5B200-B3CE-4B3E-A64B-DEC2F1DFBA74", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "163F7D79-3CDE-4022-AE54-AF4EB1E2BCDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "33A9C306-D088-477A-B5B1-A840083367C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E59746B-600B-4086-B9DA-CC24C5D5C16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A70BA8DB-D016-4970-9026-A86A96CFEBAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A502A298-F6E6-4E37-9CF1-CBD6AC9E36E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "58BD6EC1-A38B-4761-BFC7-B0393C2FE48B", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D073F3A-4EBD-4144-B394-6DC998061CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C33268B6-8F60-4502-9ECC-4F8465FA0AD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9BC6E22-867E-4A2F-92EC-177611047245", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D1A460C-DBD9-4D08-B835-6897F6DA3611", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8C0DB8AF-F472-41CD-9CCD-A295B5517894", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F92062C5-6288-4244-B786-4621CC16A188", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B559DD9-1FD3-45CB-8070-A899E9FADE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "44BEBA6C-F548-416F-8507-9578857ED384", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7066D53C-8A0E-4875-9931-C593865AF6E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F6CFA79-0172-47FB-9328-0278D1C3CC71", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2F74286-4A7B-44B9-9AB1-CF39046F9D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5FFFD248-824B-47BE-AE16-A433E3C8AD56", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D7EE367F-581D-41CC-A92C-699B7E6704E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless."}, {"lang": "es", "value": "** DISPUTADA** La interfase de l\u00ednea de comandos (tambi\u00e9n conocida como Server CLI o interfase de administraci\u00f3n) en el proceso maestro en el \"reverse proxy server\" en Varnish anteriores a v2.1.0 no requiere autenticaci\u00f3n para comandos recibidos a trav\u00e9s del puerto TCP, lo que permite a atacantes remotos (1) ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una directiva vcl.inline que provee un fichero de configuraci\u00f3n c\u00f3digo C; (2) cambiar el propietario del proceso maestro a trav\u00e9s de directivas param.set, stop y start: (3) leer la l\u00ednea iniciar de un fichero de su elecci\u00f3n a trav\u00e9s de la directiva vcl.load; o (4) conducir un ataque de falsificaci\u00f3n de petici\u00f3n en sitios cruzados que muestren la localizaci\u00f3n de la v\u00edctima en una red segura y una validaci\u00f3n de entrada impropia de directivas. NOTA: el desarollador disputa este informe diciendo que es \"equivocada y sin sentido\"."}], "id": "CVE-2009-2936", "lastModified": "2024-11-21T01:06:06.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-05T16:30:00.453", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.varnish-cache.org/changeset/3865"}, {"source": "cve@mitre.org", "url": "http://www.varnish-cache.org/wiki/CLI"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.varnish-cache.org/changeset/3865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.varnish-cache.org/wiki/CLI"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object