Jim Fulton wrote:
> CVE-2009-0668 Arbitrary Python code execution in ZODB ZEO storage servers
> CVE-2009-0669 Authentication bypass in ZODB ZEO storage servers

Where are the actual CVE entries for these? http://cve.mitre.org doesn't
seem to know much about either of them...

> The vulnerabilities only apply if you are using ZEO to share a
> database among multiple applications or application instances and if
> untrusted clients are able to connect to your ZEO servers.

So if only trusted ZEO clients can connect to the storage server (which
is the only sane thing to do anyway, given that ZEO is an unencrypted
protocol) then neither of these is a problem?

Simplistix - Content Management, Batch Processing & Python Consulting