Your message dated Mon, 19 Dec 2011 20:04:28 +0000
with message-id <e1rcjrk-0003ld...@franck.debian.org>
and subject line Bug#637487: fixed in dtc 0.29.18-1+lenny2
has caused the Debian Bug report #637487,
regarding sql injection in shared/inc/forms/domain_info.php
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
637487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:dtc
Version: 0.32.10-2
Severity: critical
Tags: security upstream

There is an sql injection in shared/inc/forms/domain_info.php:

    $q = "SELECT name FROM $pro_mysql_domain_table WHERE owner='$adm_login' AND
        domain_parking='no-parking' AND name NOT LIKE '".$_REQUEST["addrlink"]."';";

There is a bit of code in shared/vars/global_vars.php that tries to
check the value of addrlink, but passing something like

    addrlink=foo.com/foo' SOME SQL HERE

works around it as it only checks the part before the slash.

Regards,
Ansgar



--- End Message ---
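The two shapes the report contrasts, as an added illustration that is not code from the dtc project: the string-concatenated query beside a form that validates the whole addrlink value (not only the part before the slash) and binds the user-controlled values as parameters. It assumes a PDO connection in `$pdo` and that the table name comes from trusted configuration; the sample values are constructed.

```php
<?php
// Added illustration for the bug report above; not code from dtc. Assumes a
// PDO connection in $pdo and that $domainTable is trusted configuration, never
// request data.

// Validate the whole value. The report's bypass works because the original
// check stopped at the first "/", so everything after it went into the query
// unchecked. Accept a hostname optionally followed by path segments; "%" and
// "_" are excluded so LIKE wildcards cannot widen the match either.
function isValidAddrlink(string $value): bool
{
    return (bool) preg_match(
        '~^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
        . '(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*'
        . '(?:/[a-z0-9.~-]*)*$~i',
        $value
    );
}

// Vulnerable shape from the report: a quote inside addrlink terminates the
// string literal and the remainder is parsed as SQL.
function buildUnsafeQuery(string $domainTable, string $admLogin, string $addrlink): string
{
    return "SELECT name FROM $domainTable WHERE owner='$admLogin' AND "
        . "domain_parking='no-parking' AND name NOT LIKE '" . $addrlink . "';";
}

// Hardened form: reject malformed input up front, then bind both
// user-controlled values so they can never alter the statement's structure.
function fetchDomainNames(PDO $pdo, string $domainTable, string $admLogin, string $addrlink): array
{
    if (!isValidAddrlink($addrlink)) {
        throw new InvalidArgumentException('addrlink rejected');
    }
    $sql = "SELECT name FROM $domainTable WHERE owner = :owner "
         . "AND domain_parking = 'no-parking' AND name NOT LIKE :addrlink";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':owner' => $admLogin, ':addrlink' => $addrlink]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed samples: a normal value, and the report's bypass value, which
// the whole-value check rejects because of the quote and the spaces.
var_dump(isValidAddrlink('foo.com/foo'));
var_dump(isValidAddrlink("foo.com/foo' SOME SQL HERE"));
```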
--- Begin Message ---
Source: dtc
Source-Version: 0.29.18-1+lenny2

We believe that the bug you reported is fixed in the latest version of
dtc, which is due to be installed in the Debian FTP archive:

dtc-common_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-common_0.29.18-1+lenny2_all.deb
dtc-core_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-core_0.29.18-1+lenny2_all.deb
dtc-cyrus_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-cyrus_0.29.18-1+lenny2_all.deb
dtc-postfix-courier_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-postfix-courier_0.29.18-1+lenny2_all.deb
dtc-stats-daemon_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-stats-daemon_0.29.18-1+lenny2_all.deb
dtc-toaster_0.29.18-1+lenny2_all.deb
  to main/d/dtc/dtc-toaster_0.29.18-1+lenny2_all.deb
dtc_0.29.18-1+lenny2.diff.gz
  to main/d/dtc/dtc_0.29.18-1+lenny2.diff.gz
dtc_0.29.18-1+lenny2.dsc
  to main/d/dtc/dtc_0.29.18-1+lenny2.dsc
dtc_0.29.18.orig.tar.gz
  to main/d/dtc/dtc_0.29.18.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated dtc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sun, 11 Sep 2011 05:15:26 +0000
Source: dtc
Binary: dtc-common dtc-core dtc-cyrus dtc-postfix-courier dtc-stats-daemon dtc-toaster
Architecture: source all
Version: 0.29.18-1+lenny2
Distribution: lenny-security
Urgency: low
Maintainer: Thomas Goirand <z...@debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 dtc-common - web control panel for admin and accounting hosting services (comm
 dtc-core   - web control panel for admin and accounting hosting services (fewe
 dtc-cyrus  - web control panel for admin and accounting hosting services (cyru
 dtc-postfix-courier - web control panel for admin and accounting hosting services (more
 dtc-stats-daemon - dtc-xen VM statistics for the dtc web control panel
 dtc-toaster - web control panel for admin and accounting hosting services (meta
Closes: 637469 637477 637485 637487 637537 637584 637618 637629 637630 637632 637669
Changes: 
 dtc (0.29.18-1+lenny2) lenny-security; urgency=low
 .
   * QA upload fixing:
     - Removed old iGlobalWall folder which included unwanted information.
     - Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
     - Fixes lists shell injection issue (Closes: #637477).
     - Sets unix rights to non-world readable for the apache2.conf file,
     since it contains SQL access password (Closes: #637485).
     - Now htmlspecialchars() the output of DNS & MX, preventing a possible
     HTML injection issue (Closes: #637584).
     - Fixes "package installer includes php files in untrusted directories"
     if some package install packages are installed (Closes: #637629, #637630).
     - Adds htmlspecialchars() in the ticket display.
     - Fixes sudo access to chrootuid is giving access to root using the new
     dtc-chroot-wrapper (Closes: #637618).
     - Not using htpasswd -b to create .htpasswd files (Closes: #637537).
     - Checks $_SERVER["addrlink"] input correctly, since it could lead to very
     bad SQL insertion (Closes: #637487).
     - Fixes an SQL injection in package installer (Closes: #637632).
     - Fixes an SQL injection in the draw_user_admin.php (Closes: #637669).
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

--- End Message ---