Debian Security Advisory
DSA-2056-1 zonecheck -- missing input sanitizing
- Date Reported:
- 06 Jun 2010
- Affected Packages:
- zonecheck
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 583290.
In Mitre's CVE dictionary: CVE-2010-2052, CVE-2010-2155, CVE-2009-4882. - More information:
-
It was discovered that in ZoneCheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in version 2.0.4-13lenny1.
For the testing distribution (squeeze), this problem has been fixed in version 2.1.1-1.
For the unstable distribution (sid), this problem has been fixed in version 2.1.1-1.
We recommend that you upgrade your zonecheck packages.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1.dsc
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1.diff.gz
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck-cgi_2.0.4-13lenny1_all.deb
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1_all.deb
- http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1_all.deb
MD5 checksums of the listed files are available in the original advisory.