Bug 230007 (CVE-2008-3502)

Summary: www-apps/rt <3.6.7 Devel::StackTrace Denial of Service Vulnerability (CVE-2008-3502)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: rl03
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/30830/
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-06-29 12:08:34 UTC
A vulnerability has been reported in RT, which can be exploited by
malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the
"Devel::StackTrace" Perl module and can be exploited to exhaust all
available memory or consume all CPU resources.

Successful exploitation requires that the attacker is a privileged RT
user.

The vulnerability is reported in 3.x versions prior to 3.6.7.

SOLUTION:
Update to version 3.6.7.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Rune Hammersland.

ORIGINAL ADVISORY:
http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html

Comment 1 Gunnar Wrobel (RETIRED) gentoo-dev 2008-07-01 16:48:53 UTC
Added rt-3.6.7. Unstable on all arches. Removed vulnerable versions. webapps done.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-07-01 16:54:50 UTC
Done for us, thanks.