Executive Summary
| Summary | |
|---|---|
| Title | New Mantis package fixes privilege escalation |
| Informations | |||
|---|---|---|---|
| Name | DSA-161 | First vendor Publication | 2002-09-04 |
| Vendor | Debian | Last vendor Modification | 2002-09-04 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to list bugs from both public and private projects when no projects are accessible to the current user. These problems have been fixed in version 0.17.1-2.5 for the current stable distribution (woody) and in version 0.17.5-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the mantis package. We recommend that you upgrade your mantis packages. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody |
Original Source
| Url : http://www.debian.org/security/2002/dsa-161 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 161-1 (mantis) File : nvt/deb_161_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 6210 | Mantis view_all_bug_page.php Private Bug Information Disclosure |
| 6209 | Mantis view_bug_page.php f_id Variable Information Disclosure Mantis contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate the 'f_id' variable upon submission to the 'view_bug_page.php' script. With a specially crafted URL request containing a valid bug ID, a remote attacker could view private bugs resulting in a loss of confidentiality. |
| 6208 | Mantis view_bug_advanced_page.php f_id Variable Information Disclosure Mantis contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate the 'f_id' variable upon submission to the 'view_bug_advanced_page.php' script. With a specially crafted URL request containing a valid bug ID, a remote attacker could view private bugs resulting in a loss of confidentiality. |
| 6207 | Mantis bug_update_page.php f_id Variable Information Disclosure Mantis contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate the 'f_id' variable upon submission to the 'bug_update_page.php' script. With a specially crafted URL request containing a valid bug ID, a remote attacker could view private bugs resulting in a loss of confidentiality. |
| 6206 | Mantis bug_update_advanced_page.php f_id Variable Information Disclosure Mantis contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate the 'f_id' variable upon submission to the 'bug_update_advanced_page.php' script. With a specially crafted URL request containing a valid bug ID, a remote attacker could view private bugs resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-161.nasl - Type : ACT_GATHER_INFO |
| 2003-05-27 | Name : The remote web server contains a PHP application that is affected by several ... File : mantis_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:46 |
|
