Skip to main content

Product Directory Enterprise Compliance Pulse AI Analyst Compare Docs

Login Start Free

Loading...

Cloud security intelligence for modern infrastructure.

Stay informed

📬 Product updates & blog posts🛡️ CVE alerts & security advisories

Frequency:

Sent from noreply@echelongraph.io · Unsubscribe anytime

Product

Overview
Enterprise
Agents
AI Analyst
Pricing
Compare
vs. Competitors

Resources

CVE Pulse
Compliance Directory
Newsletter
Documentation
Readiness Calculator
Blog

Security Tools

Surface Scanner
AI Security Index
AI Threat Map
Shadow AI Radar
Shadow Engine Map

Company

Design Partners
Changelog
Contact

Legal

Privacy
Terms
Security
DPA

© 2026 EchelonGraph, Inc. All rights reserved.

SOC 2 Type IIISO 27001GDPRHIPAA Ready

Home›CVE Pulse›CVE-2009-4261

CVE-2009-4261

NONECVSS 0.0

0.0

Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."

📅 Published

December 21, 2009

🔄 Last Modified

April 23, 2026

🔗 References (20)

cve@mitrehttp://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=NEWS%3Bh=34b46426eca82c351e0a478c71edb66b9bb4b228%3Bhp=7f916c59238503915e927377d887b93eef1f676c%3Bhb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f%3Bhpb=f95c81bf21c177f7e6a2c53ea0613034326329bd
cve@mitrehttp://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/constants.py%3Bh=81302575487a44ed192e61aa7b21888a215ef215%3Bhp=c353878ed83ce66d21c237da5e709dedd7b6f26b%3Bhb=0084657a21afb49c6f74498f27b97dfdbc42b383%3Bhpb=d24cb69273e4b03ffcd4e4768d95841b5570e264
cve@mitrehttp://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/utils.py%3Bh=bcd8e107bbc44ff94a4bc3dc405b5547719f001d%3Bhp=df2d18027e83b7783e146cbbe58f7efa92317980%3Bhb=f95c81bf21c177f7e6a2c53ea0613034326329bd%3Bhpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283
cve@mitrehttp://git.ganeti.org/?p=ganeti.git%3Ba=commit%3Bh=f95c81bf21c177f7e6a2c53ea0613034326329bd
cve@mitrehttp://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2
cve@mitrehttp://secunia.com/advisories/37849
cve@mitrehttp://www.ocert.org/advisories/ocert-2009-019.html
cve@mitrehttp://www.openwall.com/lists/oss-security/2009/12/17/5
cve@mitrehttp://www.securityfocus.com/archive/1/508535/100/0/threaded
cve@mitrehttp://www.vupen.com/english/advisories/2009/3599
af854a3a-2127-422b-91ae-364da2661108http://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=NEWS%3Bh=34b46426eca82c351e0a478c71edb66b9bb4b228%3Bhp=7f916c59238503915e927377d887b93eef1f676c%3Bhb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f%3Bhpb=f95c81bf21c177f7e6a2c53ea0613034326329bd
af854a3a-2127-422b-91ae-364da2661108http://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/constants.py%3Bh=81302575487a44ed192e61aa7b21888a215ef215%3Bhp=c353878ed83ce66d21c237da5e709dedd7b6f26b%3Bhb=0084657a21afb49c6f74498f27b97dfdbc42b383%3Bhpb=d24cb69273e4b03ffcd4e4768d95841b5570e264
af854a3a-2127-422b-91ae-364da2661108http://git.ganeti.org/?p=ganeti.git%3Ba=blobdiff%3Bf=lib/utils.py%3Bh=bcd8e107bbc44ff94a4bc3dc405b5547719f001d%3Bhp=df2d18027e83b7783e146cbbe58f7efa92317980%3Bhb=f95c81bf21c177f7e6a2c53ea0613034326329bd%3Bhpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283
af854a3a-2127-422b-91ae-364da2661108http://git.ganeti.org/?p=ganeti.git%3Ba=commit%3Bh=f95c81bf21c177f7e6a2c53ea0613034326329bd
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2009-4261

Is Your Infrastructure Affected by CVE-2009-4261?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs