CVE-2009-0668

Name of the Vulnerable Software and Affected Versions Zope Object Database (ZODB) versions prior to 3.8.2

Description The issue concerns multiple vulnerabilities in the ZODB package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerability allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol when certain Zope Enterprise Objects (ZEO) database sharing is enabled.

Recommendations For Zope Object Database (ZODB) versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider disabling the ZEO database sharing feature until a patch is available. Restrict access to the ZEO network protocol to minimize the risk of exploitation.