LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 2671-1: request-tracker4: Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2671-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
May 22, 2013                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker4
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 
                 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2012-4733

    A user with the ModifyTicket right can bypass the DeleteTicket right
    or any custom lifecycle transition rights and thus modify ticket data
    without authorization.

CVE-2013-3368

    The rt command line tool uses semi-predictable temporary files. A
    malicious user can use this flaw to overwrite files with permissions
    of the user running the rt command line tool.

CVE-2013-3369

    A malicious user who is allowed to see administration pages can run
    arbitrary mason components (without control of arguments), which may
    have negative side-effects.

CVE-2013-3370

    Request Tracker allows direct requests to private callback
    components, which could be used to exploit a Request Tracker
    extension or a local callback which uses the arguments passed to it
    insecurely.

CVE-2013-3371

    Request Tracker is vulnerable to cross-site scripting attacks via
    attachment filenames.

CVE-2013-3372

    Dominic Hargreaves discovered that Request Tracker is vulnerable to
    an HTTP header injection limited to the value of the
    Content-Disposition header.

CVE-2013-3373

    Request Tracker is vulnerable to a MIME header injection in outgoing
    email generated by Request Tracker.

    Request Tracker stock templates are resolved by this update. But any
    custom email templates should be updated to ensure that values
    interpolated into mail headers do not contain newlines.

CVE-2013-3374

    Request Tracker is vulnerable to limited session re-use when using
    the file-based session store, Apache::Session::File. However Request
    Tracker's default session configuration only uses
    Apache::Session::File when configured for Oracle databases.

This version of Request Tracker includes a database content upgrade. If
you are using a dbconfig-managed database, you will be offered the
choice of applying this automatically. Otherwise see the explanation in
/usr/share/doc/request-tracker4/NEWS.Debian.gz for the manual steps to
perform.

Please note that if you run request-tracker4 under the Apache web
server, you must stop and start Apache manually. The "restart" mechanism
is not recommended, especially when using mod_perl or any form of
persistent perl process such as FastCGI or SpeedyCGI.

For the stable distribution (wheezy), these problems have been fixed in
version 4.0.7-5+deb7u2.

For the testing distribution (jessie), these problems will be fixed
soon.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.12-2.

We recommend that you upgrade your request-tracker4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DARPA-derived secure microkernel goes open source tomorrow
Hacker Gary McKinnon turns into a search expert
Hackers seed Amazon cloud with potent denial-of-service bots
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.