oss-sec mailing list archives
Re: SQL injection vulnerability in MantisBT SOAP API
From: Damien Regad <dregad () mantisbt org>
Date: Thu, 30 Oct 2014 22:44:32 +0100
On 30.10.2014 22:07, P Richards wrote:
CVE-2014-8554 is already assigned to this issue...
Sorry for the confusion here - Paul and I were actually both working on the same issue simultaneously and without knowing it, and we both came up with a patch and a CVE request... So please disregard my earlier request, and let's use CVE-2014-8554 moving forward. That said, it would be useful indeed if someone could update CVE-2014-8554 with the data below, as this will become the "official" reference for the issue and the fix.
-----Original Message-----
From: dregad () gmail com [mailto:dregad () gmail com] On Behalf Of Damien Regad
Sent: 30 October 2014 20:55
To: oss-security () lists openwall com
Subject: [oss-security] SQL injection vulnerability in MantisBT SOAP API

Description:
Several SQL injection vulnerabilities were identified in CVE-2014-1609, and subsequently fixed in MantisBT release 1.2.16 [1]. However, it was recently discovered that the patch did not fully address the original problem in the SOAP API. Research demonstrates that using a specially crafted 'project id' parameter when calling mc_project_get_attachments(), an attacker could still perform an SQL injection.

Affected versions: MantisBT >= 1.1.0a4, <= 1.2.17
Fixed in versions: 1.2.18 (not yet released)

Credit: Issue was discovered by
- Edwin Gozeling and Wim Visser from ITsec Security Services BV (http://www.itsec.nl)
- Paul Richards (former MantisBT developer)

References:
- further details, including patch available in our issue tracker [2] (

Please assign a CVE ID for this issue, which is a follow-up on CVE-2014-1609 (the released fix of which was incomplete).

[1] http://www.mantisbt.org/bugs/view.php?id=16880
[2] http://www.mantisbt.org/bugs/view.php?id=17812
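An added illustration, not MantisBT's code and not taken from the patch referenced in [2]: a Python/sqlite3 model of why an "id" parameter that is assumed numeric but never type-checked is injectable, next to a form that validates the integer at the API boundary and binds it as a query parameter. The table, function names and sample rows are constructed for this example.

```python
import sqlite3

def make_db():
    """Constructed sample data: two projects with one attachment each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE project_file (id INTEGER PRIMARY KEY,"
               " project_id INTEGER, filename TEXT)")
    db.executemany("INSERT INTO project_file VALUES (?, ?, ?)",
                   [(1, 1, "public-spec.pdf"), (2, 2, "private-audit.xlsx")])
    return db

def get_attachments_weak(db, project_id):
    """'Before' form: the id is assumed numeric and concatenated into the SQL."""
    sql = ("SELECT filename FROM project_file WHERE project_id = "
           + str(project_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def parse_project_id(raw):
    """Accept an int or a plain decimal string; reject everything else."""
    if isinstance(raw, bool):
        raise ValueError("project id must be an integer")
    if isinstance(raw, int):
        return raw
    text = str(raw)
    if not (text.isascii() and text.isdigit()):
        raise ValueError("project id must be an integer")
    return int(text)

def get_attachments_hardened(db, project_id):
    """Validate the type at the API boundary, then bind the value."""
    pid = parse_project_id(project_id)
    sql = "SELECT filename FROM project_file WHERE project_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (pid,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed non-numeric "id"
    print(get_attachments_weak(db, crafted))   # rows from every project
    print(get_attachments_hardened(db, "1"))   # project 1 only
    try:
        get_attachments_hardened(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

Either defence alone closes this case, but a fix that covers only some entry points leaves the rest exposed, so the validation belongs in every function that accepts the id.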