PT-2010-1346 · Varnish+1
Alessandro Tanasi +5 · Published 2010-01-13 · Updated 2025-01-21 · CVE-2009-4488
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Varnish version 2.0.6
Description
The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. The vendor disputes the significance of this report, stating that the real problem lies in the mistaken belief that one can safely use the cat(1) command on a random log file to their terminal.
Recommendations
For Varnish version 2.0.6, consider avoiding the use of cat(1) on log files to prevent potential exploitation, as the vendor suggests the issue lies in this practice rather than the software itself. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
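The recommendation above amounts to never sending raw log bytes to a terminal. The following Python sketch is an added example, not part of the advisory or of Varnish: it renders log lines with control characters escaped and reports which lines carried them. The function names and the sample log lines are constructed for illustration.

```python
import unicodedata

def neutralize(raw: bytes) -> tuple[str, int]:
    """Render one log line printably; return (text, count of escaped items)."""
    # surrogateescape maps undecodable bytes to U+DC80..U+DCFF, so a lone
    # 8-bit control byte such as 0x9b (CSI) is still caught below.
    text = raw.decode("utf-8", errors="surrogateescape")
    out, escaped = [], 0
    for ch in text:
        cp = ord(ch)
        if 0xDC80 <= cp <= 0xDCFF:
            # Raw byte that was not valid UTF-8.
            out.append("\\x%02x" % (cp - 0xDC00))
            escaped += 1
        elif ch != "\t" and unicodedata.category(ch) == "Cc":
            # C0 controls (including ESC and BEL), DEL and C1 controls.
            out.append("\\x%02x" % cp)
            escaped += 1
        else:
            out.append(ch)
    return "".join(out), escaped

def scan(log: bytes) -> list[tuple[int, str]]:
    """Return (line number, neutralized text) for each line that needed escaping."""
    hits = []
    for n, raw in enumerate(log.split(b"\n"), 1):
        text, escaped = neutralize(raw.rstrip(b"\r"))
        if escaped:
            hits.append((n, text))
    return hits

# Constructed sample, not real Varnish output: line 2 carries a terminal
# title-setting sequence (ESC ] 0 ; ... BEL), line 3 a lone 8-bit CSI byte,
# line 4 ordinary UTF-8 text that must pass through unchanged.
SAMPLE = (
    b"GET /index.html HTTP/1.1\n"
    b"GET /\x1b]0;changed-title\x07 HTTP/1.1\n"
    b"User-Agent: test\x9b2J\n"
    b"GET /caf\xc3\xa9 HTTP/1.1\n"
)

if __name__ == "__main__":
    for n, text in scan(SAMPLE):
        print(f"line {n}: {text}")
```

Only Unicode category Cc and undecodable bytes are escaped here; format characters such as bidirectional overrides are left as they are.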
Affected Products
Debian
Varnish