CVE-2009-3102

Published: Sep 8, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

Affected (1)

Products: Zmanda: Zrm For My Sql

Zmanda

1 product

Zrm For My Sql

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zmanda Zrm For My Sql	Version 2.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://forums.zmanda.com/showthread.php?p=8068

Source: cve@mitre.org

http://secunia.com/advisories/36424

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36429

Source: cve@mitre.org

Vendor Advisory

http://twitter.com/elegerov/statuses/3518763099

Source: cve@mitre.org

http://twitter.com/elegerov/statuses/3547652507

Source: cve@mitre.org

http://www.intevydis.com/blog/?p=51

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52977

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52978

Source: cve@mitre.org

http://forums.zmanda.com/showthread.php?p=8068