Bug 114205 - www-apps/trac: SQL injection
Summary: www-apps/trac: SQL injection
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All
OS: Linux
Importance: High trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-01 15:38 UTC by Milton YATES
Modified: 2005-12-03 08:33 UTC (History)
Description Milton YATES 2005-12-01 15:38:52 UTC
Trac 0.9.1 is out and fixes some bugs, and some *security bugs* too. It would be
nice if an ebuild for 0.9.1 was created.

Reproducible: Always
Steps to Reproduce:
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2005-12-01 15:48:34 UTC
According to a post from David Maciejak on Full-disclosure:

Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.

PoC:

http://host/trac/query?group=/*

Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable
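The flaw quoted above is a request value (`group`) being spliced into SQL text. Because a GROUP BY target is an identifier, it cannot be passed as a bound parameter; the defence is to accept only names from a fixed allowlist. The following is an added illustration written for this page, not Trac's code: the table, column names and sample rows are constructed, and the unsafe builder only reproduces the pattern the report describes so the rejected input can be seen side by side with the checked one.

```python
import sqlite3

# Constructed sample data (not Trac's real schema): a minimal ticket table.
SAMPLE_TICKETS = [
    (1, "new", "alice", "0.9"),
    (2, "closed", "bob", "0.9"),
    (3, "new", "alice", "0.9.1"),
]

# Allowlist of columns a report may group by. The names are assumed for this
# example; the point is that an identifier comes from a fixed set, never from
# the request.
GROUPABLE_COLUMNS = {"status", "owner", "milestone"}


def open_sample_db():
    """Build an in-memory database holding the constructed sample tickets."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ticket (id INTEGER PRIMARY KEY, status TEXT, "
        "owner TEXT, milestone TEXT)"
    )
    conn.executemany("INSERT INTO ticket VALUES (?, ?, ?, ?)", SAMPLE_TICKETS)
    return conn


def build_query_unsafe(group):
    """The pattern the report describes: request data pasted into SQL text.
    Whatever the client sends (here '/*', which opens a comment and swallows
    the rest of the statement) becomes part of the query."""
    return f"SELECT {group}, COUNT(*) FROM ticket GROUP BY {group}"


def is_valid_group(group):
    """Allowlist check: only a known column name is accepted as an identifier."""
    return group in GROUPABLE_COLUMNS


def build_query_safe(group):
    """Identifiers cannot be bound like values, so validate against the
    allowlist first and quote the (now trusted) name."""
    if not is_valid_group(group):
        raise ValueError(f"invalid group column: {group!r}")
    return f'SELECT "{group}", COUNT(*) FROM ticket GROUP BY "{group}"'


def count_tickets_by(conn, group):
    """Run the allowlisted report and return {group_value: ticket_count}."""
    return dict(conn.execute(build_query_safe(group)).fetchall())


def main():
    conn = open_sample_db()
    print(count_tickets_by(conn, "status"))   # {'closed': 1, 'new': 2}
    # The unsafe builder shows the shape of the bug without executing it.
    print(build_query_unsafe("/*"))
    try:
        count_tickets_by(conn, "/*")
    except ValueError as exc:
        print("rejected:", exc)


if __name__ == "__main__":
    main()
```

Logging the rejection (rather than silently falling back to a default column) is what makes probing of this parameter visible in application logs; the allowlist also covers quoting tricks and UNION payloads, since no value outside the set ever reaches the SQL string.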
Comment 2 Julien Allanos (RETIRED) gentoo-dev 2005-12-02 10:21:29 UTC
Added 0.9.1 to CVS, removed 0.9_beta2 and 0.9.

Are the (stable) 0.8.x vulnerable?
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-12-03 08:33:18 UTC
According to http://projects.edgewall.com/trac/wiki/ChangeLog only the 0.9
series is affected.

Affected package was never stable so closing without GLSA.