CVE-2009-0669 Information

Description

Zope Object Database (ZODB) before 3.8.2 when certain Zope Enterprise Objects (ZEO) database sharing is enabled allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Reference

http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html http://osvdb.org/56826 http://pypi.python.org/pypi/ZODB3/3.8.2whats-new-in-zodb-3-8-2 http://secunia.com/advisories/36204 http://secunia.com/advisories/36205 http://www.securityfocus.com/bid/35987 http://www.vupen.com/english/advisories/2009/2217 https://exchange.xforce.ibmcloud.com/vulnerabilities/52379