Executive Summary

Title New smbind packages fix sql injection
Name DSA-2103 First vendor Publication 2010-09-05
Vendor Debian Last vendor Modification 2010-09-05
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


It was discovered that smbind, a PHP-based tool for managing DNS zones for BIND, does not properly validating input. An unauthenticated remote attacker could execute arbitrary SQL commands or gain access to the admin account.

For the stable distribution (lenny), this problem has been fixed in version 0.4.7-3+lenny1.

For the unstable distribution (sid), this problem has been fixed in version 0.4.7-5, and will migrate to the testing distribution (squeeze) shortly.

We recommend that you upgrade your smbind (0.4.7-3+lenny1) package.

Original Source

Url : http://www.debian.org/security/2010/dsa-2103

CWE : Common Weakness Enumeration

CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')

CPE : Common Platform Enumeration


OpenVAS Exploits

2010-12-09Name : Simple Management BIND Admin Login Page SQL Injection Vulnerability
File : nvt/gb_smbind_admin_login_sql_inj_vuln.nasl

Open Source Vulnerability Database (OSVDB)

67829Simple Management for BIND main.php username Parameter SQL Injection

Nessus® Vulnerability Scanner

2010-09-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2103.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:29:39
  • Multiple Updates