Executive Summary
| Summary | |
|---|---|
| Title | dtc security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2365 | First vendor Publication | 2011-12-18 |
| Vendor | Debian | Last vendor Modification | 2011-12-18 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services: CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. CVE-2011-3196 Unix rights for the apache2.conf were set incorrectly (world readable). CVE-2011-3197 Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion. CVE-2011-3198 DTC was using the -b option of htpasswd, possibly revealing password in clear text using ps or reading /proc. CVE-2011-3199 A possible HTML/javascript insertion vulnerability has been found in the DNS & MX section of the user panel. This update also fixes several vulnerabilities, for which no CVE ID has been assigned: It has been discovered that DTC performs insufficient input sanitising in the package installer, leading to possible unwanted destination directory for installed packages if some DTC application packages are installed (note that these aren't available in Debian main). DTC was setting-up /etc/sudoers with permissive sudo rights to chrootuid. Incorrect input sanitizing in the package installer could lead to SQL insertion. A malicious user could enter a specially crafted support ticket subject leading to an SQL injection in the draw_user_admin.php. For the oldstable distribution (lenny), this problem has been fixed in version 0.29.18-1+lenny2 The stable distribution (squeeze) doesn't include dtc. For the unstable distribution (sid), this problem has been fixed in version 0.34.1-1. We recommend that you upgrade your dtc packages. |
Original Source
| Url : http://www.debian.org/security/2011/dsa-2365 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
| 22 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 11 % | CWE-255 | Credentials Management |
| 11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 11 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 11 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15092 | |||
| Oval ID: | oval:org.mitre.oval:def:15092 | ||
| Title: | DSA-2365-1 dtc -- several | ||
| Description: | Ansgar Burchardt, Mike O"Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services: CVE-2011-3195. A possible shell insertion has been found in the mailing list handling. CVE-2011-3196 Unix rights for the apache2.conf were set incorrectly. CVE-2011-3197 Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion. CVE-2011-3198 DTC was using the -b option of htpasswd, possibly revealing password in clear text using ps or reading /proc. CVE-2011-3199 A possible HTML/javascript insertion vulnerability has been found in the DNS & MX section of the user panel. This update also fixes several vulnerabilities, for which no CVE ID has been assigned: It has been discovered that DTC performs insufficient input sanitising in the package installer, leading to possible unwanted destination directory for installed packages if some DTC application packages are installed. DTC was setting-up /etc/sudoers with permissive sudo rights to chrootuid. Incorrect input sanitising in the package installer could lead to SQL insertion. A malicious user could enter a specially crafted support ticket subject leading to an SQL injection in the draw_user_admin.php. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2365-1 CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dtc |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-02-11 | Name : Debian Security Advisory DSA 2365-1 (dtc) File : nvt/deb_2365_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 74856 | Domain Technologie Control DNS and MX Page Domain root TXT record: Field XSS Domain Technologie Control contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Domain root TXT record:' field upon submission to the DNS and MX page. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 74855 | Domain Technologie Control htpasswd Utility Password Disclosure |
| 74854 | Domain Technologie Control shared/inc/forms/domain_info.php addrlink Paramete... Domain Technologie Control contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the shared/inc/forms/domain_info.php script not properly sanitizing user-supplied input to the 'addrlink' parameter This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 74853 | Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weaknes... |
| 74852 | Domain Technologie Control shared/inc/sql/lists.php tunable_name Parameter ex... Domain Technologie Control does not sanitize input related to the exec() function called by the 'tunable_name' parameter in the shared/inc/sql/lists.php script. This may allow an attacker to inject and execute arbitrary shell commands. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2365.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-03-21 17:23:11 |
|
| 2014-03-21 13:25:47 |
|
| 2014-02-17 11:30:39 |
|
