Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
TitleNew smbind packages fix sql injection
NameDSA-2103First vendor Publication2010-09-05
VendorDebianLast vendor Modification2010-09-05
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


It was discovered that smbind, a PHP-based tool for managing DNS zones for BIND, does not properly validating input. An unauthenticated remote attacker could execute arbitrary SQL commands or gain access to the admin account.

For the stable distribution (lenny), this problem has been fixed in version 0.4.7-3+lenny1.

For the unstable distribution (sid), this problem has been fixed in version 0.4.7-5, and will migrate to the testing distribution (squeeze) shortly.

We recommend that you upgrade your smbind (0.4.7-3+lenny1) package.

Original Source

Url : http://www.debian.org/security/2010/dsa-2103

CWE : Common Weakness Enumeration

100 %CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration


OpenVAS Exploits

2010-12-09Name : Simple Management BIND Admin Login Page SQL Injection Vulnerability
File : nvt/gb_smbind_admin_login_sql_inj_vuln.nasl

Open Source Vulnerability Database (OSVDB)

67829Simple Management for BIND main.php username Parameter SQL Injection

Nessus® Vulnerability Scanner

2010-09-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2103.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:29:39
  • Multiple Updates