|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA153] DSA-153-1 mantis Vulnerability Assessment Details
|
[DSA153] DSA-153-1 mantis |
||
DSA-153-1 mantis Detailed Explanation for this Vulnerability Assessment Joao Gouveia discovered an uninitialized variable which was insecurely used with file inclusions in the mantis package, a php based bug tracking system. The Debian Security Team found even more similar problems. When these occasions are exploited, a remote user is able to execute arbitrary code under the webserver user id on the web server hosting the mantis system. Jeroen Latour discovered that Mantis did not check all user input, especially if they do not come directly from form fields. This opens up a wide variety of SQL poisoning vulnerabilities on systems without magic_quotes_gpc enabled. Most of these vulnerabilities are only exploitable in a limited manner, since it is no longer possible to execute multiple queries using one call to mysql_query(). There is one query which can be tricked into changing an account's access level. Jeroen Latour also reported that it is possible to instruct Mantis to show reporters only the bugs that they reported, by setting the limit_reporters option to ON. However, when formatting the output suitable for printing, the program did not check the limit_reporters option and thus permited reporters to see the summaries of bugs they did not report. Jeroen Latour discovered that the page responsible for displaying a list of bugs in a particular project, did not check whether the user actually has access to the project, which is transmitted by a cookie variable. It accidentally trusted the fact that only projects accessible to the user were listed in the drop-down menu. This provides a malicious user with an opportunity to display the bugs of a private project selected. These problems have been fixed in version 0.17.1-2.2 for the current stable distribution (woody) and in version 0.17.4a-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the mantis package. Additional information: We recommend that you upgrade your mantis packages immediately. Solution : http://www.debian.org/security/2002/dsa-153 Network Security Threat Level: High Networks Security ID: 5504, 5509, 5510, 5514, 5515, 5563, 5565 Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
Cables, Connectors |
IBM System X 3250 M5 Single Xeon Quad Core E3-1220 v3 @3.1GHz,8GB RAM,Linux SUSE
$199.87
Dell PowerEdge R730xd Server 2.60Ghz 32-Core 64GB 800GB SSD Debian Linux
$836.80
POGO Linux WEBWARE 1150 Rack-Mount Server Pentium 4 2.8GHz 512MB - No Drives
$179.99
32GB Web HTML HTTP Server, Great tool for eBay seller & kids to host web site
$229.99
2 x HP ProLiant BL460c (447707-B21) Blade Servers No RAM No HDD
$30.00
IBM CS821 20-Core 2.827GHz 128Gb 1.92Tb SSD 1U Linux Server - 8005-12N Power 8
$449.96
Red Hat Enterprise Linux 5 Server - New and Sealed
$16.99
1U BareMetal pfsense opnsense Router Firewall DNS Server 6x 10GB Ethernet Ports
$149.00
1U Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3 6x 10GB Ethernet 16GB
$419.00
PFSENSE 15" Depth Server Router Firewall Supermicro X11SSH-F E3-1240 V5 32GB RAM
$382.00
|
||
No Discussions have been posted on this vulnerability. |