oss-sec mailing list archives
Re: Re: CVE request: multiple vulnerabilities in dtc
From: Josh Bressers <bressers () redhat com>
Date: Wed, 24 Aug 2011 16:34:30 -0400 (EDT)
----- Original Message -----
#637477 Insufficient input checking in /shared/inc/sql/lists.php
CVE-2011-3195
#637485 The setup script for dtc writes the password for the MySQL user in the world-readable file /etc/apache2/apache2.conf.
CVE-2011-3196
#637487 Insufficient input checking leads to a SQL injection vulnerability in shared/inc/forms/domain_info.php. #637498 A SQL injection vulnerability in logPushlet.php can overwrite arbitrary files as the MySQL system user.
I'm grouping the above two together. CVE-2011-3197
#637537 dtc passes passwords to htpasswd using command line arguments, which can be read by a local user.
CVE-2011-3198
#637584 dtc does not escape variables in HTML output in many places; for example in the "Domain root TXT record:" field on the "DNS and MX" page where JavaScript can be injected.
Let's call this "multiple XSS flaws" CVE-2011-3199 Thanks for sorting the original list. -- JB
Current thread:
- CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 12)
- Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
- Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)