Vulnerabilities > CVE-2011-0436 - Cryptographic Issues vulnerability in Gplhost Domain Technologie Control
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2179.NASL description Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. - CVE-2011-0434 The bw_per_moth.php graph contains a SQL injection vulnerability. - CVE-2011-0435 Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure. - CVE-2011-0436 After a registration, passwords are sent in cleartext email messages. - CVE-2011-0437 Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package. This update introduces a new configuration option which controls the presence of cleartext passwords in email messages. The default is not to include cleartext passwords. last seen 2020-03-17 modified 2011-03-03 plugin id 52513 published 2011-03-03 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52513 title Debian DSA-2179-1 : dtc - SQL injection code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2179. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(52513); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-0434", "CVE-2011-0435", "CVE-2011-0436", "CVE-2011-0437"); script_xref(name:"DSA", value:"2179"); script_name(english:"Debian DSA-2179-1 : dtc - SQL injection"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. - CVE-2011-0434 The bw_per_moth.php graph contains a SQL injection vulnerability. - CVE-2011-0435 Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure. - CVE-2011-0436 After a registration, passwords are sent in cleartext email messages. - CVE-2011-0437 Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package. This update introduces a new configuration option which controls the presence of cleartext passwords in email messages. The default is not to include cleartext passwords." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0434" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0435" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0436" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-0437" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2011/dsa-2179" ); script_set_attribute( attribute:"solution", value: "Upgrade the dtc packages. For the oldstable distribution (lenny), this problem has been fixed in version 0.29.17-1+lenny1. The stable distribution (squeeze) and the testing distribution (wheezy) do not contain any dtc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dtc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"dtc", reference:"0.29.17-1+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_879B0242C5B611E0ABD10017F22D6707.NASL description Ansgar Burchardt reports : Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services : The bw_per_moth.php graph contains a SQL injection vulnerability; insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure; after a registration, passwords are sent in cleartext email messages and Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package. last seen 2020-06-01 modified 2020-06-02 plugin id 55846 published 2011-08-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55846 title FreeBSD : dtc -- multiple vulnerabilities (879b0242-c5b6-11e0-abd1-0017f22d6707) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(55846); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2011-0434", "CVE-2011-0435", "CVE-2011-0436", "CVE-2011-0437"); script_xref(name:"DSA", value:"2179"); script_name(english:"FreeBSD : dtc -- multiple vulnerabilities (879b0242-c5b6-11e0-abd1-0017f22d6707)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Ansgar Burchardt reports : Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services : The bw_per_moth.php graph contains a SQL injection vulnerability; insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure; after a registration, passwords are sent in cleartext email messages and Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package." ); # https://vuxml.freebsd.org/freebsd/879b0242-c5b6-11e0-abd1-0017f22d6707.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2345d47a" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dtc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"dtc<0.32.9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.gplhost.sg/lists/dtcannounce/msg00025.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302
- http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
- http://www.debian.org/security/2011/dsa-2179
- http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
- http://www.vupen.com/english/advisories/2011/0556
- http://secunia.com/advisories/43523
- http://openwall.com/lists/oss-security/2011/02/22/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65898
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285