Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: 2670-1: request-tracker3.8: Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2670-1                               Salvatore Bonaccorso
May 22, 2013                 
- -------------------------------------------------------------------------

Package        : request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 
                 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system. The Common Vulnerabilities
and Exposures project identifies the following problems:


    The rt command line tool uses semi-predictable temporary files. A
    malicious user can use this flaw to overwrite files with permissions
    of the user running the rt command line tool.


    A malicious user who is allowed to see administration pages can run
    arbitrary mason components (without control of arguments), which may
    have negative side-effects.


    Request Tracker allows direct requests to private callback
    components, which could be used to exploit a Request Tracker
    extension or a local callback which uses the arguments passed to it


    Request Tracker is vulnerable to cross-site scripting attacks via
    attachment filenames.


    Dominic Hargreaves discovered that Request Tracker is vulnerable to
    an HTTP header injection limited to the value of the
    Content-Disposition header.


    Request Tracker is vulnerable to a MIME header injection in outgoing
    email generated by Request Tracker.

    Request Tracker stock templates are resolved by this update. But any
    custom email templates should be updated to ensure that values
    interpolated into mail headers do not contain newlines.


    Request Tracker is vulnerable to limited session re-use when using
    the file-based session store, Apache::Session::File. However Request
    Tracker's default session configuration only uses
    Apache::Session::File when configured for Oracle databases.

This version of Request Tracker includes a database content upgrade. If
you are using a dbconfig-managed database, you will be offered the
choice of applying this automatically. Otherwise see the explanation in
/usr/share/doc/request-tracker3.8/NEWS.Debian.gz for the manual steps to

Please note that if you run request-tracker3.8 under the Apache web
server, you must stop and start Apache manually. The "restart" mechanism
is not recommended, especially when using mod_perl or any form of
persistent perl process such as FastCGI or SpeedyCGI.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.8.8-7+squeeze7.

The stable, testing and unstable distributions do not contain anymore
request-tracker3.8, which is replaced by request-tracker4.

We recommend that you upgrade your request-tracker3.8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.