Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
56363
Checklists
222
US-CERT Alerts
246
US-CERT Vuln Notes
2720
OVAL Queries
8140
CPE Names
73033

Last updated: Sun May 19 20:44:09 EDT 2013

CVE Publication rate: 11.33

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 5.99

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2009-1525

Original release date:05/05/2009
Last revised:05/08/2009
Source: US-CERT/NIST

Overview

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:8.5 (HIGH) (AV:N/AC:M/Au:S/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 6.8
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Required to exploit
Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF
Name: directadmin-cmddb-command-execution(50167)
Hyperlink:http://xforce.iss.net/xforce/xfdb/50167
External Source: CONFIRM
Name: http://www.directadmin.com/features.php?id=968
Type: Advisory
Hyperlink:http://www.directadmin.com/features.php?id=968
External Source: SECUNIA
Name: 34861
Type: Advisory
Hyperlink:http://secunia.com/advisories/34861
External Source: OSVDB
Name: 54015
Hyperlink:http://osvdb.org/54015
External Source: FULLDISC
Name: 20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation
Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageOR
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.293
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.281
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.266
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.292
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.301
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.302
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.331
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:0.95
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.01
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.02
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.03
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.04
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.05
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.06
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.07
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.08
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.081
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.09
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.1
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.11
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.111
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.12
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.121
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.13
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.14
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.15
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.151
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.152
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.16
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.161
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.17
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.171
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.172
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.173
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.174
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.1741
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.18
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.181
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.19
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.192
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.193
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.1941
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.195
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.196
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.2
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.201
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.202
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.203
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.204
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.205
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.206
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.207
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.21
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.211
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.212
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.213
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.22
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.221
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.222
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.223
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.224
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.225
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.226
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.23
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.231
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.232
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.233
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.234
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.235
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.24
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.241
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.242
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.243
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.244
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.25
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.251
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.252
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.253
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.254
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.255
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.26
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.261
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.262
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.263
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.264
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.265
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.27
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.273
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.274
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.275
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.28
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.282
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.285
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.286
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.29
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.291
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.294
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.295
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.296
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.297
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.3
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.31
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.311
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.312
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.313
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.314
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.315
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.32
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.321
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.322
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.323
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.33
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.332
spacerspacerNav control image* cpe:/a:jbmc-software:directadmin:1.333 and previous versions
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1525