Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-0437

shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

Related bugs and status

CVE-2011-0437 (Candidate) is related to these bugs:

Bug #729700: SQL injections in DTC

		In	Importance	Status
729700	SQL injections in DTC	dtc (Ubuntu)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Karmic)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Lucid)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Maverick)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Natty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dtcannounce] 20110303...
CONFIRM: http://git.gplhost.com...
CONFIRM: http://git.gplhost.com...
CONFIRM: http://packages.debian...
CONFIRM: http://packages.debian...
DEBIAN: DSA-2179
SECUNIA: 43523
VUPEN: ADV-2011-0556
XF: dtc-ssh-sec-bypass(65897)