oss-sec mailing list archives
Re: CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script
From: cve-assign () mitre org
Date: Fri, 5 Dec 2014 10:36:16 -0500 (EST)
The unattended upgrade script retrieved DB connection settings from POST parameters, allowing an attacker to get the script to connect to their host with the current DB config credentials.
Use CVE-2014-9279.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
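
A minimal PHP sketch of the flaw class described in the message above, added here as an illustration; it is not MantisBT code and not part of the original post. The function names, configuration keys and sample values are hypothetical.

```php
<?php
// Added illustration; not MantisBT source. All names here are hypothetical.

// Stored configuration (constructed sample values).
const STORED_DB_CONFIG = [
    'hostname' => 'db.internal.example',
    'username' => 'tracker',
    'password' => 'constructed-secret',
    'database' => 'bugtracker',
];

// Flawed pattern: each setting comes from the request when present and falls
// back to the stored value otherwise. A request that supplies only 'hostname'
// makes the script present the stored credentials to a host the requester chose.
function resolve_db_settings_flawed(array $post): array
{
    $settings = [];
    foreach (STORED_DB_CONFIG as $key => $stored) {
        $settings[$key] = $post[$key] ?? $stored;
    }
    return $settings;
}

// Hardened pattern: an unattended run never reads connection settings from
// the request, and rejects a request that tries to supply them.
function resolve_db_settings_hardened(array $post): array
{
    $overrides = array_intersect_key($post, STORED_DB_CONFIG);
    if ($overrides !== []) {
        throw new InvalidArgumentException(
            'connection settings not accepted from request: '
            . implode(', ', array_keys($overrides))
        );
    }
    return STORED_DB_CONFIG;
}

// Constructed request body that overrides only the host.
$post = ['hostname' => 'other-host.example'];
$flawed = resolve_db_settings_flawed($post);
printf("flawed: host=%s user=%s\n", $flawed['hostname'], $flawed['username']);

try {
    resolve_db_settings_hardened($post);
} catch (InvalidArgumentException $e) {
    printf("hardened: rejected (%s)\n", $e->getMessage());
}
```

The flawed resolver returns the request's host paired with the stored username and password, while the hardened one refuses the request outright instead of silently ignoring the override, which also leaves a clear error to log and alert on.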
Current thread:
- CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script Damien Regad (Nov 29)
- Re: CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script cve-assign (Dec 05)