Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title MantisBT: Multiple vulnerabilities
Informations
Name GLSA-201211-01 First vendor Publication 2012-11-08
Vendor Gentoo Last vendor Modification 2012-11-08
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.

Background

MantisBT is a PHP/MySQL/Web based bugtracking system.

Description

Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.

Workaround

There is no known workaround at this time.

Resolution

All MantisBT users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"

References

[ 1 ] CVE-2010-3303 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303
[ 2 ] CVE-2010-3763 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763
[ 3 ] CVE-2010-4348 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348
[ 4 ] CVE-2010-4349 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349
[ 5 ] CVE-2010-4350 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350
[ 6 ] CVE-2011-2938 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938
[ 7 ] CVE-2011-3356 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356
[ 8 ] CVE-2011-3357 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357
[ 9 ] CVE-2011-3358 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358
[ 10 ] CVE-2011-3578 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578
[ 11 ] CVE-2011-3755 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755
[ 12 ] CVE-2012-1118 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118
[ 13 ] CVE-2012-1119 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119
[ 14 ] CVE-2012-1120 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120
[ 15 ] CVE-2012-1121 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121
[ 16 ] CVE-2012-1122 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122
[ 17 ] CVE-2012-1123 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123
[ 18 ] CVE-2012-2691 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691
[ 19 ] CVE-2012-2692 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201211-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201211-01.xml

CWE : Common Weakness Enumeration

% Id Name
37 % CWE-264 Permissions, Privileges, and Access Controls
37 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
11 % CWE-200 Information Exposure
11 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
5 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15100
 
Oval ID: oval:org.mitre.oval:def:15100
Title: DSA-2308-1 mantis -- several
Description: Several vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting.
Family: unix Class: patch
Reference(s): DSA-2308-1
CVE-2011-3357
CVE-2011-3358
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): mantis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19825
 
Oval ID: oval:org.mitre.oval:def:19825
Title: DSA-2500-1 mantis - several
Description: Several vulnerabilities were discovered in Mantis, an issue tracking system.
Family: unix Class: patch
Reference(s): DSA-2500-1
CVE-2012-1118
CVE-2012-1119
CVE-2012-1120
CVE-2012-1122
CVE-2012-1123
CVE-2012-2692
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): mantis
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 69

OpenVAS Exploits

Date Description
2012-11-26 Name : Fedora Update for mantis FEDORA-2012-18299
File : nvt/gb_fedora_2012_18299_mantis_fc16.nasl
2012-11-26 Name : Fedora Update for mantis FEDORA-2012-18294
File : nvt/gb_fedora_2012_18294_mantis_fc17.nasl
2012-11-16 Name : Gentoo Security Advisory GLSA 201211-01 (MantisBT)
File : nvt/glsa_201211_01.nasl
2012-08-10 Name : Debian Security Advisory DSA 2500-1 (mantis)
File : nvt/deb_2500_1.nasl
2012-08-10 Name : FreeBSD Ports: mantis
File : nvt/freebsd_mantis6.nasl
2012-03-19 Name : Fedora Update for mantis FEDORA-2011-12336
File : nvt/gb_fedora_2011_12336_mantis_fc16.nasl
2011-09-30 Name : MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities
File : nvt/secpod_mantis_mult_lfi_n_xss_vuln.nasl
2011-09-21 Name : Debian Security Advisory DSA 2308-1 (mantis)
File : nvt/deb_2308_1.nasl
2011-09-21 Name : FreeBSD Ports: mantis
File : nvt/freebsd_mantis5.nasl
2011-09-20 Name : Fedora Update for mantis FEDORA-2011-12369
File : nvt/gb_fedora_2011_12369_mantis_fc15.nasl
2011-08-19 Name : MantisBT Cross Site Scripting and SQL Injection Vulnerabilities
File : nvt/gb_mantis_49235.nasl
2011-01-08 Name : MantisBT Multiple Vulnerabilities
File : nvt/gb_mantisbt_mult_vuln.nasl
2011-01-04 Name : Fedora Update for mantis FEDORA-2010-19070
File : nvt/gb_fedora_2010_19070_mantis_fc13.nasl
2011-01-04 Name : Fedora Update for mantis FEDORA-2010-19078
File : nvt/gb_fedora_2010_19078_mantis_fc14.nasl
2010-12-02 Name : Fedora Update for mantis FEDORA-2010-15061
File : nvt/gb_fedora_2010_15061_mantis_fc14.nasl
2010-10-08 Name : MantisBT Multiple Cross-site scripting Vulnerabilities
File : nvt/gb_mantis_mult_xss_vuln.nasl
2010-10-01 Name : Fedora Update for mantis FEDORA-2010-15082
File : nvt/gb_fedora_2010_15082_mantis_fc13.nasl
2010-10-01 Name : Fedora Update for mantis FEDORA-2010-15080
File : nvt/gb_fedora_2010_15080_mantis_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75829 MantisBT Multiple Script Direct Request Path Disclosure
75646 MantisBT bugs/plugin.php URI XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input appended to the URL upon submission to the 'bugs/plugin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75296 MantisBT bug_actiongroup_page.php action Parameter XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the bug_actiongroup_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75295 MantisBT bug_actiongroup_ext_page.php action Parameter XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the bug_actiongroup_ext_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75131 MantisBT bug_update_advanced_page.php Multiple Parameter XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'os', 'os_build' and 'platform' parameters upon submission to the bug_update_advanced_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75130 MantisBT manage_config_workflow_page.php URI XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input appended to the URL upon submission to the manage_config_workflow_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75129 MantisBT manage_config_email_page.php URI XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input appended to the URL upon submission to the manage_config_email_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
75128 MantisBT bug_actiongroup_page.php action Parameter Traversal Local File Inclu...

MantisBT contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the bug_actiongroup_page.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'action' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
75127 MantisBT bug_actiongroup_ext_page.php action Parameter Traversal Local File I...

MantisBT contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the bug_actiongroup_ext_page.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'action' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
75126 MantisBT bug_report_page.php Multiple Parameter XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'os', 'os_build' and 'platform' parameters upon submission to the bug_report_page.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
74566 MantisBT search.php project_id Parameter XSS

MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'project_id' parameter upon submission to the search.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70157 MantisBT admin/upgrade_unattended.php db_type Parameter Traversal Local File ...

MantisBT contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the admin/upgrade_unattended.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'db_type' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
70156 MantisBT admin/upgrade_unattended.php db_type Parameter Path Disclosure

MantisBT contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplies an invalid 'db_type' parameter to the admin/upgrade_unattended.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
70155 MantisBT admin/upgrade_unattended.php db_type Parameter XSS

[MantisBT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'db_type' parameter upon submission to the admin/upgrade_unattended.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
68391 MantisBT core/summary_api.php Summary Field XSS
68390 MantisBT print_all_bug_page_word.php Project / Category Name XSS
68389 MantisBT core/cfdefs/cfdef_standard.php Custom Field Value XSS
68388 MantisBT manage_plugin_uninstall.php Plugin Name XSS

Nessus® Vulnerability Scanner

Date Description
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18273.nasl - Type : ACT_GATHER_INFO
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18294.nasl - Type : ACT_GATHER_INFO
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18299.nasl - Type : ACT_GATHER_INFO
2012-11-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201211-01.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2500.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_55587adbb49d11e18df10004aca374af.nasl - Type : ACT_GATHER_INFO
2011-10-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-12336.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-12369.nasl - Type : ACT_GATHER_INFO
2011-09-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2308.nasl - Type : ACT_GATHER_INFO
2011-09-06 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a83f25dfd77511e08bf1003067b2972c.nasl - Type : ACT_GATHER_INFO
2011-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19070.nasl - Type : ACT_GATHER_INFO
2011-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19078.nasl - Type : ACT_GATHER_INFO
2010-12-22 Name : The remote web server contains a web application that is susceptible to a loc...
File : mantis_db_type_lfi.nasl - Type : ACT_ATTACK
2010-10-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15061.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15080.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15082.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:37:38
  • Multiple Updates
2012-11-08 21:18:54
  • First insertion