[Secure-testing-team] Bug#611680: dtc-xen - Remote authenticated root exploit
Bastian Blank
waldi at debian.org
Mon Jan 31 22:17:02 UTC 2011
Package: dtc-xen
Version: 0.5.13-3
Severity: grave
Tags: security
dtc-xen includes several command executions as root that uses unchecked
user input in dtc-soap-server.
| cmd = "/usr/sbin/dtc_kill_vps_disk %s %s" % (vpsname, imagetype)
| output = commands.getstatusoutput(cmd)
"imagetype" is the uncheck input and commands.getstatusoutput
effectively does "sh -c '{ $cmd } 2>&1'".
Bastian
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list