2.1 CVE-2011-3196

Ransomware Risk

O script de configuração no Domain Technologie Control (DTC) anterior a 0.34.1 usa permissões legíveis por todos para /etc/apache2/apache2.conf, que permite que usuários locais obtenham a senha dtcdaemons MySQL lendo o arquivo.
https://nvd.nist.gov/vuln/detail/CVE-2011-3196

Categorias

CWE-264

Referências

CONFIRM

http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485

DEBIAN

DSA-2365

_MLIST

[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc
[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc

CPE

cpe	começar	fim
Configuration 1
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control::::::::		<= 0.32.11

REMEDIAÇÃO

EXPLOITS

Exploit-db.com

id	descrição	datado
Nenhum exploit conhecido

Outros (github, ...)

Url
Nenhum exploit conhecido

CAPEC

Common Attack Pattern Enumerations and Classifications

id	descrição	gravidade
Entrada proibida

MITRE

Sherlock® flash

Tire uma foto da sua rede informática em poucos cliques !

A solução de auditoria Sherlock® flash permite-lhe realizar uma auditoria para reforçar a segurança dos seus activos informáticos. Vulnerabilidade do seu equipamento físico e virtual. Planeamento de correcções por nível de prioridade e tempo disponível. Relatórios detalhados e intuitivos.

Descubra esta oferta

Sherlock® flash: 1ª solução instantânea de auditoria cibernética de segurança

cpe	começar	fim
Configuration 1
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control::::::::		<= 0.32.11