Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: CVE request: multiple vulnerabilities in dtc
From: Josh Bressers <bressers () redhat com>
Date: Wed, 24 Aug 2011 16:34:30 -0400 (EDT)

----- Original Message -----

#637477
Insufficient input checking in /shared/inc/sql/lists.php

CVE-2011-3195


#637485
The setup script for dtc writes the password for the MySQL user in the
world-readable file /etc/apache2/apache2.conf.

CVE-2011-3196


#637487
Insufficient input checking leads to a SQL injection vulnerability in
shared/inc/forms/domain_info.php.

#637498
A SQL injection vulnerability in logPushlet.php can overwrite arbitrary
files as the MySQL system user.

I'm grouping the above two together.
CVE-2011-3197


#637537
dtc passes passwords to htpasswd using command line arguments, which
can be read by a local user.

CVE-2011-3198


#637584
dtc does not escape variables in HTML output in many places; for
example in the "Domain root TXT record:" field on the "DNS and MX" page
where JavaScript can be injected.

Let's call this "multiple XSS flaws"
CVE-2011-3199

Thanks for sorting the original list.

-- 
    JB


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault