Bugs - DirectAdmin

DirectAdmin

#	VER	L/R	AUTH	S	REPORTED	TYPE	DESCRIPTION
01	1.322	L	Y	N	09/01/2008	design issue	uid and gid reuse issues
02	1.322	L	Y	N	09/03/2008	symlink	resellers can control any file
03	1.322	L	Y/N	N	09/07/2008	permissions	insecure default majordomo setup
04	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
05	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
06	1.351	L	Y	N	unreported	undisclosed	XSS
07	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
08	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
09	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
10	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
11	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
12	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
13	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
14	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
15	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
16	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
17	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
18	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
19	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
20	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
21	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
22	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
23	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
24	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
25	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
26	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
27	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
28	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
29	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain sensitive info
30	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
31	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
32	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
33	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
34	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
35	1.351	L	Y	N	unreported	undisclosed	local DA users can destroy data
36	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
37	1.351	L	Y	N	unreported	undisclosed	local users can obtain sensitive info
38	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
39	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
40	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
41	1.351	L	Y	N	unreported	undisclosed	local users can obtain sensitive info
42	1.351	L	Y	N	unreported	undisclosed	local DA users can destroy data
43	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
44	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
45	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs
46	1.351	L	Y	N	unreported	undisclosed	local DA users can obtain root privs

Trivial	very minor issues
Low	XSS, info leaks
Medium	destructive actions, access others' accounts
High	local root (auth required), /root/.accesshash, /etc/shadow access
Less Critical	local root (no auth required)
Critical	remote root (no auth required)
L/R	Local/Remote
Auth	Authentication required
S	Bug found via source code review