oss-sec mailing list archives
Re: CVE request: mantisbt < 1.1.4: RCE
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 20 Oct 2008 09:16:52 +0200
On Sun, 19 Oct 2008 11:18:31 +0200 Christian Hoffmann <hoffie () gentoo org> wrote:
has a CVE id been already assigned to the recent remote code execution issue in mantis < 1.1.4? If not, please do so. References: http://www.mantisbt.org/bugs/view.php?id=0009704 http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679 http://www.milw0rm.com/exploits/6768 https://bugs.gentoo.org/show_bug.cgi?id=242722
There's actually at least one issue fixed in 1.1.3 that probably deserves a CVE: - 0009321: [security] Users can get title and status of issues that they don't have access to. (vboctor) - closed. http://www.mantisbt.org/bugs/view.php?id=9321 Additionally, Gentoo bug: http://bugs.gentoo.org/show_bug.cgi?id=241940 points out another fix in 1.1.3: - 0009664: [authentication] Logout without unsetting session cookie (jreese) - closed. http://www.mantisbt.org/bugs/view.php?id=9664 Which seems to be on the edge between security fix and security enhancement, not sure if this kind of fixes get CVE ids assigned. Thanks! -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request: mantisbt < 1.1.4: RCE Christian Hoffmann (Oct 19)
- Re: CVE request: mantisbt < 1.1.4: RCE Tomas Hoger (Oct 20)
- Re: CVE request: mantisbt < 1.1.4: RCE Steven M. Christey (Oct 22)
- Re: CVE request: mantisbt < 1.1.4: RCE Tomas Hoger (Oct 20)