beanstalkd: unauthorized execution of beanstalk client commands
Package(s): | beanstalkd |
CVE #(s): | |
Created: | June 22, 2010 |
Updated: | June 23, 2010 |
Description: |
From the Red Hat bugzilla:
Graham Barr reported that beanstalkd v1.4.5 and earlier improperly
sanitized job data sent together with the put command from the client.
A remote attacker, providing specially-crafted job data in a request,
could use this flaw to bypass the intended beanstalk client command
dispatch mechanism, leading to unauthorized execution of beanstalk
client commands. |
Alerts: |
|