ID CVE-2010-2060
Summary The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.
References
Vulnerable Configurations
  • cpe:2.3:a:wildbit:beanstalkd:1.4.5
    cpe:2.3:a:wildbit:beanstalkd:1.4.5
  • cpe:2.3:a:wildbit:beanstalkd:1.4.4
    cpe:2.3:a:wildbit:beanstalkd:1.4.4
  • cpe:2.3:a:wildbit:beanstalkd:1.4.3
    cpe:2.3:a:wildbit:beanstalkd:1.4.3
  • cpe:2.3:a:wildbit:beanstalkd:1.4.2
    cpe:2.3:a:wildbit:beanstalkd:1.4.2
  • cpe:2.3:a:wildbit:beanstalkd:1.4.1
    cpe:2.3:a:wildbit:beanstalkd:1.4.1
  • cpe:2.3:a:wildbit:beanstalkd:1.4
    cpe:2.3:a:wildbit:beanstalkd:1.4
  • cpe:2.3:a:wildbit:beanstalkd:1.3
    cpe:2.3:a:wildbit:beanstalkd:1.3
  • cpe:2.3:a:wildbit:beanstalkd:1.2
    cpe:2.3:a:wildbit:beanstalkd:1.2
  • cpe:2.3:a:wildbit:beanstalkd:1.1
    cpe:2.3:a:wildbit:beanstalkd:1.1
  • cpe:2.3:a:wildbit:beanstalkd:1.0
    cpe:2.3:a:wildbit:beanstalkd:1.0
  • cpe:2.3:a:wildbit:beanstalkd:0.10
    cpe:2.3:a:wildbit:beanstalkd:0.10
  • cpe:2.3:a:wildbit:beanstalkd:0.9
    cpe:2.3:a:wildbit:beanstalkd:0.9
  • cpe:2.3:a:wildbit:beanstalkd:0.8
    cpe:2.3:a:wildbit:beanstalkd:0.8
  • cpe:2.3:a:wildbit:beanstalkd:0.7
    cpe:2.3:a:wildbit:beanstalkd:0.7
  • cpe:2.3:a:wildbit:beanstalkd:0.6
    cpe:2.3:a:wildbit:beanstalkd:0.6
  • cpe:2.3:a:wildbit:beanstalkd:0.5
    cpe:2.3:a:wildbit:beanstalkd:0.5
CVSS
Base: 7.5 (as of 08-06-2010 - 15:20)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Misc.
    NASL id BEANSTALKD_REMOTE_BEANSTALK_CMD_INJECT.NASL
    description The installed version of Beanstalkd allows injection of Beanstalk commands. A malicious producer process or client could exploit this issue to inject arbitrary beanstalkd commands via the 'PUT' command to view status of existing jobs or delete jobs from the Beanstalkd queue without co-operation from the consumer process or the client.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 46884
    published 2010-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46884
    title Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
refmap via4
bid 40516
confirm
osvdb 65113
secunia 40032
xf beanstalkd-put-command-execution(59107)
Last major update 08-06-2010 - 00:00
Published 07-06-2010 - 20:30
Last modified 16-08-2017 - 21:32
Back to Top