FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0437

This CVE name corresponds to:

Entered: 2011-08-13
Topic: dtc -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-0437
Phase: Assigned (20110112)

Description

shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

References

Source: Reference
MLIST: [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update
CONFIRM: http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0
CONFIRM: http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db
CONFIRM: http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
CONFIRM: http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
DEBIAN: DSA-2179
SECUNIA: 43523
VUPEN: ADV-2011-0556
XF: dtc-ssh-sec-bypass(65897)