Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3196

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2011-3196
Last Modified 27 Mar 2014 06:02:01
Published 21 Mar 2014 12:38:53
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-3196

Summary

The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.

Vulnerable Systems

Application

  • Gplhost Domain Technologie Control 0.24.6

  • Gplhost Domain Technologie Control 0.25.1

  • Gplhost Domain Technologie Control 0.25.2

  • Gplhost Domain Technologie Control 0.25.3

  • Gplhost Domain Technologie Control 0.26.7

  • Gplhost Domain Technologie Control 0.26.8

  • Gplhost Domain Technologie Control 0.26.9

  • Gplhost Domain Technologie Control 0.27.3

  • Gplhost Domain Technologie Control 0.28.10

  • Gplhost Domain Technologie Control 0.28.2

  • Gplhost Domain Technologie Control 0.28.3

  • Gplhost Domain Technologie Control 0.28.4

  • Gplhost Domain Technologie Control 0.28.6

  • Gplhost Domain Technologie Control 0.28.9

  • Gplhost Domain Technologie Control 0.29.1

  • Gplhost Domain Technologie Control 0.29.10

  • Gplhost Domain Technologie Control 0.29.14

  • Gplhost Domain Technologie Control 0.29.15

  • Gplhost Domain Technologie Control 0.29.16

  • Gplhost Domain Technologie Control 0.29.17

  • Gplhost Domain Technologie Control 0.29.6

  • Gplhost Domain Technologie Control 0.29.8

  • Gplhost Domain Technologie Control 0.30.10

  • Gplhost Domain Technologie Control 0.30.18

  • Gplhost Domain Technologie Control 0.30.20

  • Gplhost Domain Technologie Control 0.30.6

  • Gplhost Domain Technologie Control 0.30.8

  • Gplhost Domain Technologie Control 0.32.1

  • Gplhost Domain Technologie Control 0.32.11

  • Gplhost Domain Technologie Control 0.32.2

  • Gplhost Domain Technologie Control 0.32.3

  • Gplhost Domain Technologie Control 0.32.4

  • Gplhost Domain Technologie Control 0.32.5

  • Gplhost Domain Technologie Control 0.32.6

  • Gplhost Domain Technologie Control 0.32.7


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485

MLIST - [oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc

MLIST - [oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc

DEBIAN - DSA-2365

CONFIRM - http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3


Last Updated: 27 May 2016 10:51:58