CVE-2011-5275

Published: Mar 21, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.

Affected (35)

Products: Gplhost: Domain Technologie Control

Gplhost

1 product

Domain Technologie Control

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Gplhost Domain Technologie Control	Up to 0.32.11
Gplhost Domain Technologie Control	Version 0.24.6
Gplhost Domain Technologie Control	Version 0.25.1
Gplhost Domain Technologie Control	Version 0.25.2
Gplhost Domain Technologie Control	Version 0.25.3
Gplhost Domain Technologie Control	Version 0.26.7
Gplhost Domain Technologie Control	Version 0.26.8
Gplhost Domain Technologie Control	Version 0.26.9
Gplhost Domain Technologie Control	Version 0.27.3
Gplhost Domain Technologie Control	Version 0.28.10
Gplhost Domain Technologie Control	Version 0.28.2
Gplhost Domain Technologie Control	Version 0.28.3
Gplhost Domain Technologie Control	Version 0.28.4
Gplhost Domain Technologie Control	Version 0.28.6
Gplhost Domain Technologie Control	Version 0.28.9
Gplhost Domain Technologie Control	Version 0.29.10
Gplhost Domain Technologie Control	Version 0.29.14
Gplhost Domain Technologie Control	Version 0.29.15
Gplhost Domain Technologie Control	Version 0.29.16
Gplhost Domain Technologie Control	Version 0.29.17
Gplhost Domain Technologie Control	Version 0.29.1
Gplhost Domain Technologie Control	Version 0.29.6
Gplhost Domain Technologie Control	Version 0.29.8
Gplhost Domain Technologie Control	Version 0.30.10
Gplhost Domain Technologie Control	Version 0.30.18
Gplhost Domain Technologie Control	Version 0.30.20
Gplhost Domain Technologie Control	Version 0.30.6
Gplhost Domain Technologie Control	Version 0.30.8
Gplhost Domain Technologie Control	Version 0.32.1
Gplhost Domain Technologie Control	Version 0.32.2
Gplhost Domain Technologie Control	Version 0.32.3
Gplhost Domain Technologie Control	Version 0.32.4
Gplhost Domain Technologie Control	Version 0.32.5
Gplhost Domain Technologie Control	Version 0.32.6
Gplhost Domain Technologie Control	Version 0.32.7

Related CWEs

CWE-264

References (6)

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2365

Source: cve@mitre.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618

Source: cve@mitre.org

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2365

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.