oss-sec mailing list archives

Re: Re: CVE request: multiple vulnerabilities in dtc

From: Josh Bressers <bressers () redhat com>
Date: Wed, 24 Aug 2011 16:34:30 -0400 (EDT)

----- Original Message -----

#637477
Insufficient input checking in /shared/inc/sql/lists.php


CVE-2011-3195

#637485
The setup script for dtc writes the password for the MySQL user in the
world-readable file /etc/apache2/apache2.conf.


CVE-2011-3196

#637487
Insufficient input checking leads to a SQL injection vulnerability in
shared/inc/forms/domain_info.php.

#637498
A SQL injection vulnerability in logPushlet.php can overwrite arbitrary
files as the MySQL system user.


I'm grouping the above two together.
CVE-2011-3197

#637537
dtc passes passwords to htpasswd using command line arguments, which
can be read by a local user.


CVE-2011-3198

#637584
dtc does not escape variables in HTML output in many places; for
example in the "Domain root TXT record:" field on the "DNS and MX" page
where JavaScript can be injected.


Let's call this "multiple XSS flaws"
CVE-2011-3199

Thanks for sorting the original list.

-- 
    JB

Current thread:

CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 12)
  - Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
  - Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)