[Secure-testing-team] Re: Bug#335938: mantis: Mantis 't_core_path'
File Inclusion Vulnerability
Martin Schulze
joey at infodrom.org
Sun Nov 20 12:23:33 UTC 2005
Thijs Kinkhorst wrote:
> On Thu, 2005-10-27 at 15:49 +0200, Moritz Muehlenhoff wrote:
> > All affect Sarge.
>
> I've prepared updated packages for sarge. My updated package for sid is
> still pending with my sponsor Luk Claes. The updated packages for sarge
> are available here:
> http://www.a-eskwadraat.nl/~kink/mantis_sec/
>
> They are not signed since I'm not a DD yet.
> Please let me know if you have comments or questions.
Sorry for the delay. I've finally got to it and will release an advisory
soon. Thijs and Moritz, great work!
Package : mantis
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3091 CVE-2005-3335 CVE-2005-3336 CVE-2005-3338
CVE-2005-3339
CERT advisory :
BugTraq ID :
Debian Bugs : 330682 335938
Several security related problems have been discovered in Mantis, a
web-based bug tracking system. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2005-3091
A cross-site scripting vulnerability allows attackers to inject
arbitrary web script or HTML.
CVE-2005-3335
A file inclusion vulnerability allows remote attackers to execute
arbitrary PHP code and include arbitrary local files.
CVE-2005-3336
An SQL injection vulnerability allows remote attackers to execute
arbitrary SQL commands.
CVE-2005-3338
Mantis can be tricked into displaying the otherwise hidden real
mail address of its users.
Regards,
Joey
--
Life is a lot easier when you have someone to share it with. -- Sean Perry
Please always Cc to me when replying to me on the lists.
More information about the Secure-testing-team
mailing list