Users of smbind please be advised of a sql injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
DSA-2103-1: [DSA-2103-1] New smbind packages fix sql injection
Vulnerability : sql injection
It was discovered that smbind, a PHP-based tool for managing DNS zones
for BIND, does not properly validating input.
An unauthenticated remote attacker could execute arbitrary SQL commands
or gain access to the admin account.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/d4DMyw

No comments:
Post a Comment