Summary
This host is running Beanstalkd and is prone to a remote command execution vulnerability.
Impact
Successful exploitation will allow an attacker to execute Beanstalk client commands within the context of the affected application.
Impact Level: Application
Solution
Upgrade to Beanstalkd version 1.4.6 or later.
For updates, refer to http://kr.github.com/beanstalkd/download.html
Insight
The flaw is caused by improper handling of put commands defining a job by the dispatch_cmd function. A remote attacker could exploit this vulnerability using specially crafted job payload data to execute arbitrary Beanstalk commands.
Affected
Beanstalkd version 1.4.5 and prior.
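A version check matching the Affected and Solution sections, as an added example that is not part of the original advisory or the Beanstalkd project: it parses the reply to the protocol's `stats` command and compares the reported `version` field with 1.4.6. The sample replies are constructed, and the handling of quoted or suffixed version strings is an assumption about how builds report themselves.

```python
import re

FIXED = (1, 4, 6)  # first fixed release according to this advisory


def parse_stats_version(response: bytes) -> str:
    """Extract the version string from a raw beanstalkd `stats` reply."""
    header, sep, body = response.partition(b"\r\n")
    m = re.fullmatch(rb"OK (\d+)", header)
    if not sep or not m:
        raise ValueError("not an OK stats reply")
    declared = int(m.group(1))
    if len(body) < declared:
        raise ValueError("truncated stats body")
    # The body is a flat YAML dictionary of "key: value" lines.
    text = body[:declared].decode("ascii", "replace")
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "version":
            return value.strip().strip('"')  # assumption: value may be quoted
    raise ValueError("no version field in stats body")


def version_tuple(version: str) -> tuple:
    """Leading dotted numeric part, e.g. '1.4.5+2+gabc' -> (1, 4, 5)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected(response: bytes) -> bool:
    """True when the reported version is older than the fixed release."""
    v = version_tuple(parse_stats_version(response))
    v = v + (0,) * (len(FIXED) - len(v))  # pad so '1.4' compares as 1.4.0
    return v < FIXED


def sample_reply(version_field: str) -> bytes:
    """Constructed stats reply for offline use; not captured from a server."""
    body = f"---\ncurrent-jobs-ready: 0\nversion: {version_field}\nuptime: 42\n".encode()
    return b"OK %d\r\n" % len(body) + body + b"\r\n"


if __name__ == "__main__":
    for field in ("1.4.5", "1.4.6", '"1.12"'):
        print(field, "affected" if is_affected(sample_reply(field)) else "not affected")
```

A banner version only reflects what the daemon reports, so treat the result as a triage signal and confirm against the installed package.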
References
Severity
Classification
- CVE: CVE-2010-2060
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P