Date: Mon, 11 Jun 2012 10:42:35 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: David Hicks <d@...id.au>, MantisBT Developer Mailing List <mantisbt-dev@...ts.sourceforge.net>
Subject: Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/09/2012 02:19 AM, David Hicks wrote:
> CVE REQUEST #1
>
> Title: Reporters can edit arbitrary bugnotes via SOAP API
> Affected: MantisBT 1.2.10 and earlier versions
> Not affected: MantisBT 1.2.11
>
> Description: Roland Becker and Damien Regad (MantisBT developers)
> found that any user able to report issues via the SOAP interface
> could also modify any bugnotes (comments) created by other users.
> In a default/typical MantisBT installation, SOAP API is enabled and
> any user can sign up to report new issues. This vulnerability
> therefore impacts upon many public facing MantisBT installations.
>
> References: http://www.mantisbt.org/bugs/view.php?id=14340

Please use CVE-2012-2691 for this issue.

> CVE REQUEST #2
>
> Title: delete_attachments_threshold not checked on attachment deletion
> Affected: MantisBT 1.2.10 and earlier versions
> Not affected: MantisBT 1.2.11
>
> Description: Roland Becker (MantisBT developer) found that the
> delete_attachments_threshold permission was not being checked when
> a user attempted to delete an attachment from an issue. The more
> generic update_bug_threshold permission was being checked instead.
> MantisBT administrators may have been under the false impression
> that their configuration of the delete_attachments_threshold was
> successfully preventing unwanted users from deleting attachments.
>
> References: http://www.mantisbt.org/bugs/view.php?id=14016

Please use CVE-2012-2692 for this issue.

> With thanks,
> David Hicks
> MantisBT Developer
> #mantisbt irc.freenode.net
> http://www.mantisbt.org/bugs/
>

- --
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
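The two authorization bugs described in the quoted requests, modelled side by side with their corrected checks as an added Python illustration (this is not MantisBT code): the numeric access levels, the config keys `update_bugnote_threshold` and `bugnote_user_edit_threshold`, and every threshold value are assumptions modelled on MantisBT's threshold configuration scheme, not values taken from the thread.

```python
# Added illustration of the two pre-1.2.11 authorization bugs; not MantisBT code.
# Access-level constants and threshold config keys below are assumptions modelled
# on MantisBT's configuration scheme, not values taken from the thread.
REPORTER, UPDATER, DEVELOPER, MANAGER = 25, 40, 50, 70

# Constructed configuration: an administrator has tightened attachment deletion
# to MANAGER while leaving the generic bug-update threshold at UPDATER.
CONFIG = {
    "update_bug_threshold": UPDATER,
    "delete_attachments_threshold": MANAGER,
    "update_bugnote_threshold": DEVELOPER,     # assumed key: edit anyone's note
    "bugnote_user_edit_threshold": REPORTER,   # assumed key: edit your own note
}


def may_delete_attachment_vulnerable(user):
    # Bug #2 (CVE-2012-2692): the generic update_bug_threshold is consulted,
    # so the administrator's delete_attachments_threshold has no effect.
    return user["level"] >= CONFIG["update_bug_threshold"]


def may_delete_attachment_fixed(user):
    # The action-specific threshold is the one that must gate deletion.
    return user["level"] >= CONFIG["delete_attachments_threshold"]


def soap_bugnote_update_vulnerable(user, note, new_text):
    # Bug #1 (CVE-2012-2691): being able to reach the SOAP endpoint (any
    # reporter can) was the only gate; neither note ownership nor an edit
    # threshold was checked before the note was modified.
    note["text"] = new_text
    return True


def soap_bugnote_update_fixed(user, note, new_text):
    # Own note: needs bugnote_user_edit_threshold. Someone else's note: needs
    # update_bugnote_threshold. Decide first, mutate only after the check passes.
    if note["reporter_id"] == user["id"]:
        allowed = user["level"] >= CONFIG["bugnote_user_edit_threshold"]
    else:
        allowed = user["level"] >= CONFIG["update_bugnote_threshold"]
    if not allowed:
        return False
    note["text"] = new_text
    return True


# Constructed sample principals and a note written by a third user.
REPORTER_USER = {"id": 7, "level": REPORTER}
UPDATER_USER = {"id": 8, "level": UPDATER}
NOTE_BY_OTHER = {"id": 100, "reporter_id": 3, "text": "original comment"}
```

The fixed variants show the two properties a reviewer should look for in such handlers: the threshold consulted is the one specific to the action, and ownership is established before any write.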