oss-sec mailing list archives
CVE request: multiple vulnerabilities in dtc
From: Jonathan Wiltshire <jmw () debian org>
Date: Fri, 12 Aug 2011 22:26:04 +0100
Hi, A number of problems have been found recently in dtc (Domain Technologie Control) and reported to the Debian BTS. These are the bugs that affect upstream code; please assign CVEs as you feel appropriate: #566654 dtc saves the administrator password in plain text in /var/lib/dtc/saved_install_config under the variable name conf_adm_pass. It remains there even after initial configuration. #611680 dtc-xen includes several command executions as root that use unchecked user input in dtc-soap-server. #614304 dtc stores user passwords and passwords for various services in unencrypted form in the database. #637477 Insufficient input checking in /shared/inc/sql/lists.php #637485 The setup script for dtc writes the password for the MySQL user in the world-readable file /etc/apache2/apache2.conf. #637487 Insufficient input checking leads to a SQL injection vulnerability in shared/inc/forms/domain_info.php. #637498 A SQL injection vulnerability in logPushlet.php can overwrite arbitrary files as the MySQL system user. #637537 dtc passes passwords to htpasswd using command line arguments, which can be read by a local user. #637584 dtc does not escape variables in HTML output in many places; for example in the "Domain root TXT record:" field on the "DNS and MX" page where JavaScript can be injected. Note that these descriptions are mostly taken from the bug reports and may not be suitable for direct publication without editing. I have checked as far as possible that none of these were previously assigned CVEs but they could be duplicates. There are often mitigating factors such as user or administrator authentication. Thanks, -- Jonathan Wiltshire jmw () debian org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 12)
- Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
- Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)