CVE-2010-3076

The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.org/1009-exploits/smbind-sql.txt	Exploit
http://sourceforge.net/projects/smbind/files/smbind/0.4.8/smbind-0.4.8.tar.bz2/download
http://www.debian.org/security/2010/dsa-2103
http://www.openwall.com/lists/oss-security/2010/09/05/5
http://www.openwall.com/lists/oss-security/2010/09/07/10

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blentz:smbind::::::::
	cpe:2.3:a:blentz:smbind:0.2:::::::*
	cpe:2.3:a:blentz:smbind:0.2.1:::::::*
	cpe:2.3:a:blentz:smbind:0.3.1:::::::*
	cpe:2.3:a:blentz:smbind:0.4:::::::*
	cpe:2.3:a:blentz:smbind:0.4.1:::::::*
	cpe:2.3:a:blentz:smbind:0.4.2:::::::*
	cpe:2.3:a:blentz:smbind:0.4.3:::::::*
	cpe:2.3:a:blentz:smbind:0.4.4:::::::*
	cpe:2.3:a:blentz:smbind:0.4.5:::::::*
	cpe:2.3:a:blentz:smbind:0.4.6:::::::*

History

No history.

Information

Published : 2010-10-14 05:57

Updated : 2011-01-19 06:59

NVD link : CVE-2010-3076

Mitre link : CVE-2010-3076

CVE.ORG link : CVE-2010-3076

JSON object : View

Products Affected

blentz

smbind

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2010-3076", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-14T05:57:58.317", "references": [{"url": "http://packetstormsecurity.org/1009-exploits/smbind-sql.txt", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/projects/smbind/files/smbind/0.4.8/smbind-0.4.8.tar.bz2/download", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2010/dsa-2103", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/05/5", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/07/10", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page."}, {"lang": "es", "value": "La funci\u00f3n filtro en php/src/include.php en Simple Management para BIND (tambi\u00e9n conocido como smbind) anterior a v0.4.8 no identifica cierta expresi\u00f3n regular, que permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL y ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro 'username' en la p\u00e1gina de inicio del administrador."}], "lastModified": "2011-01-19T06:59:48.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blentz:smbind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1538A6-E1B5-4CF2-AEEB-E001A8FCB325", "versionEndIncluding": "0.4.7"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB211A75-8BB8-4363-8882-DD42788375EB"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A787D9D3-5101-4E90-956A-5E4DE59822AF"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67546FFC-CFA8-4C10-BCED-899DAC54E722"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20F4DAAB-E3DC-4C30-9BE1-A48A115235B4"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F7E9DF7-48C5-4360-8456-8A286149847E"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC9603F-1631-48A8-BD09-3BD64E4A032D"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76D6C4AD-95EF-40C0-A94E-1090E5B9697A"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7E5DA14-B008-4437-BC61-3ACBD5671425"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "364C8859-84D5-44F9-801E-4A2B2CFA7BA7"}, {"criteria": "cpe:2.3:a:blentz:smbind:0.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C52D91EA-2602-4D39-936F-552D76F5D443"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}