QwikSec

Security Database

CVE

CWE

Training

CVE-2013-6795

Published: Dec 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/

x_refsource_MISC

http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html

x_refsource_MISC

20131122 CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.