Bug 114205

Summary: www-apps/trac: SQL injection
Product: Gentoo Security
Reporter: Milton YATES <milton.yates>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~3 [noglsa] jaervosz
Package list:
Runtime testing required: ---

Description Milton YATES 2005-12-01 15:38:52 UTC
Trac 0.9.1 is out and fixes some bugs, and some *security bugs* too. It would be
nice if an ebuild for 0.9.1 was created.

Reproducible: Always
Steps to Reproduce:
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2005-12-01 15:48:34 UTC
According to a post from David Maciejak on Full-disclosure:

Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.

PoC:

http://host/trac/query?group=/*

Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable
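The flaw quoted above is a grouping column taken straight from a request parameter. Since column names cannot be passed as bound SQL parameters, the usual fix is an allowlist of known columns. The following is an added illustration, not Trac's own query module or the Full-disclosure author's code: it uses a constructed SQLite `ticket` table (an assumed schema) and shows the vulnerable string-building pattern beside an allowlisted version that rejects a value like `/*`.

```python
import sqlite3

# Constructed demo schema: a simplified "ticket" table. This is an assumption
# for illustration, not Trac's real schema or query module.
ALLOWED_GROUP_COLUMNS = ("status", "owner", "milestone", "priority")


def build_query_unsafe(group):
    """The vulnerable pattern: an untrusted request parameter is pasted
    straight into SQL text. A value such as '/*' lands in the GROUP BY
    clause and changes the statement's structure instead of naming a column.
    This function only builds the string; it never executes it."""
    return f"SELECT {group}, COUNT(*) FROM ticket GROUP BY {group} ORDER BY 1"


def is_allowed_group(group):
    """Allowlist check: column names cannot be bound as parameters, so the
    only safe option is exact membership in a fixed set of known columns."""
    return group in ALLOWED_GROUP_COLUMNS


def build_query_safe(group):
    """Hardened form: refuse anything that is not an allowlisted column."""
    if not is_allowed_group(group):
        raise ValueError(f"unsupported group column: {group!r}")
    return f"SELECT {group}, COUNT(*) FROM ticket GROUP BY {group} ORDER BY 1"


def make_demo_db():
    """Build an in-memory SQLite database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ticket (id INTEGER PRIMARY KEY, status TEXT, "
        "owner TEXT, milestone TEXT, priority TEXT)"
    )
    conn.executemany(
        "INSERT INTO ticket (status, owner, milestone, priority) VALUES (?, ?, ?, ?)",
        [
            ("new", "alice", "0.9.1", "major"),
            ("new", "bob", "0.9.1", "minor"),
            ("closed", "alice", "0.9", "major"),
        ],
    )
    return conn


def ticket_counts(conn, group):
    """Run the hardened grouped query and return (group_value, count) rows."""
    return conn.execute(build_query_safe(group)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    print(build_query_unsafe("/*"))      # the comment opener lands inside the SQL text
    print(ticket_counts(db, "status"))   # [('closed', 1), ('new', 2)]
    try:
        ticket_counts(db, "/*")
    except ValueError as exc:
        print("rejected:", exc)
```

Escaping or quoting is not a substitute here: the value is an identifier, not a literal, so the only reliable check is membership in a fixed set the application controls.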
Comment 2 Julien Allanos (RETIRED) gentoo-dev 2005-12-02 10:21:29 UTC
Added 0.9.1 to CVS, removed 0.9_beta2 and 0.9.

Are the (stable) 0.8.x vulnerable?
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-12-03 08:33:18 UTC
According to http://projects.edgewall.com/trac/wiki/ChangeLog only the 0.9
series is affected.

Affected package was never stable so closing without GLSA.