Summary: | <www-apps/mantisbt-1.2.4: Multiple vulnerabilities (CVE-2010-{3303,3763,4348,4349,4350}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | David Hicks <david> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | pva |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.mantisbt.org/bugs/view.php?id=12607 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
David Hicks
2010-12-15 03:25:42 UTC
Apologies for the oversight, Gentoo does still ship mantisbt-1.1.8. The patch to apply to this version can be obtained through our repository at: http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff_plain;h=2641fdc60d2032ae1586338d6416e1eadabd7590

Please note that MantisBT 1.1.x is not officially supported by the MantisBT project and is not recommended for use. We have made a significant number of security improvements in 1.2.x that aren't available in 1.1.x (not just bug fixes, but general architecture changes).

(In reply to comment #0)
> If there are any questions or concerns please feel free to contact me.

Thank you for the report, David.

CVE-2010-4348: Cross site scripting
CVE-2010-4349: Path disclosure
CVE-2010-4350: Local file inclusion

Thank you David. New version was just added to the tree and I've dropped old, vulnerable versions. Arch teams, please, stabilize www-apps/mantisbt-1.2.4. Rerating B2.

amd64 ok

amd64 done. Thanks Agostino

x86 stable

ppc stable, last arch done

Thanks, folks. GLSA request filed.

CVE-2010-4350 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350): Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

CVE-2010-4349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349): admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

CVE-2010-4348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348): Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

CVE-2010-3763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763): Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.

CVE-2010-3303 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303): Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.

This issue was resolved and addressed in GLSA 201211-01 at http://security.gentoo.org/glsa/glsa-201211-01.xml by GLSA coordinator Tobias Heinlein (keytoaster).
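The three admin/upgrade_unattended.php CVEs above (CVE-2010-4350, CVE-2010-4349, CVE-2010-4348) share one root cause: an untrusted db_type value is handed to a library routine that builds an include path from it and reports failures verbosely. The following PHP is an added illustration written for this page; it is not MantisBT or ADOdb code and not the fix in the linked commit. It assumes the ADOdb entry point involved is ADONewConnection(), which loads drivers/adodb-<name>.inc.php by name, and it uses a constructed driver allowlist and constructed inputs.

```php
<?php
// Added example, not MantisBT/ADOdb code. Shows the vulnerable pattern the
// CVEs describe beside a hardened version: validate db_type against an
// allowlist before it can reach an include(), and never echo the raw value
// or the filesystem path back to the client.

// Drivers this deployment actually supports (constructed allowlist; a real
// installation would list only the ones it ships).
const SUPPORTED_DB_TYPES = ['mysqli', 'pgsql', 'mssql', 'oci8', 'db2'];

/**
 * Return the validated driver name, or null if the input is not one of the
 * known drivers. Strict in_array() comparison means "..", "/" and NUL bytes
 * can never survive into a path.
 */
function validate_db_type($input): ?string
{
    if (!is_string($input)) {
        return null;
    }
    return in_array($input, SUPPORTED_DB_TYPES, true) ? $input : null;
}

// --- Vulnerable pattern (mirrors the CVE descriptions; do not use) --------
function driver_path_unsafe(string $db_type, string $adodb_dir): string
{
    // CVE-2010-4350: the path is built straight from user input, so a ".."
    // sequence walks out of the drivers directory before include() runs.
    $path = $adodb_dir . '/drivers/adodb-' . $db_type . '.inc.php';
    if (!is_file($path)) {
        // CVE-2010-4349: error text reveals the install path.
        // CVE-2010-4348: db_type is reflected without escaping.
        return "Could not load $path for database type $db_type";
    }
    return $path;
}

// --- Hardened pattern -------------------------------------------------------
function driver_path_safe($db_type, string $adodb_dir): string
{
    $type = validate_db_type($db_type);
    if ($type === null) {
        // Generic message: no reflected input, no filesystem detail. Log the
        // rejected value server-side instead (constructed log destination).
        error_log('upgrade_unattended: rejected db_type value');
        http_response_code(400);
        return 'Unsupported database type.';
    }
    // Only an allowlisted name reaches the path, so this is the one place an
    // include() of ADOdb's driver file would be safe. (Assumed: ADONewConnection()
    // would be called with $type here.)
    return $adodb_dir . '/drivers/adodb-' . $type . '.inc.php';
}

// Constructed inputs: a legitimate driver name and a traversal attempt.
foreach (['mysqli', '../../etc/passwd'] as $candidate) {
    $shown = htmlspecialchars($candidate, ENT_QUOTES, 'UTF-8'); // escape for display
    echo "input:  $shown\n";
    echo "unsafe: " . driver_path_unsafe($candidate, '/var/www/adodb') . "\n";
    echo "safe:   " . driver_path_safe($candidate, '/var/www/adodb') . "\n\n";
}
```

Running this without an ADOdb checkout, the unsafe branch returns the leaky error string for both inputs (the drivers directory does not exist), which is exactly the information-disclosure surface the page describes; the safe branch yields a clean path for `mysqli` and a generic 400 message for the traversal string. The design point is that an allowlist replaces any attempt to sanitize `..` or slashes, and that a rejected value is logged rather than echoed, which also closes the reflected XSS.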