Lucene search
HistoryMar 21, 2014 - 4:38 a.m.
CVE-2011-3196
information security
cve-2011-3196
domain technologie control (dtc)
setup script
permissions
mysql password
apache2
6.1 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
References
Related
prion
prion
Design/Logic Flaw
2014-03-21 04:38:00
ubuntucve
ubuntucve
CVE-2011-3196
2014-03-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 2365-1 (dtc)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2365-1)
2012-02-11 00:00:00
debian
debian
[SECURITY] [DSA 2365-1] dtc security update
2011-12-18 20:48:08
securityvulns
securityvulns
[SECURITY] [DSA 2365-1] dtc security update
2011-12-26 00:00:00
nessus
nessus
Debian DSA-2365-1 : dtc - several vulnerabilities
2012-01-12 00:00:00
osv
osv
dtc - several
2011-12-18 00:00:00
6.1 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2011-3196