Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Oct 2014 21:54:52 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: SQL injection vulnerability in MantisBT SOAP API

Description:

Several SQL injection vulnerabilities were identified in
CVE-2014-1609, and subsequently fixed in MantisBT release 1.2.16 [1].

However, it was recently discovered that the patch did not fully
address the original problem in the SOAP API. Research demonstrates
that using a specially crafted 'project id' parameter when calling
mc_project_get_attachments(), an attacker could still perform an SQL
injection.

Affected versions:
MantisBT >= 1.1.0a4, <= 1.2.17

Fixed in versions:
1.2.18 (not yet released)

Credit:
Issue was discovered by
- Edwin Gozeling and Wim Visser from ITsec Security Services BV
(http://www.itsec.nl)
- Paul Richards (former MantisBT developer)

References:
- further details, including patch available in our issue tracker [2] (

Please assign a CVE ID for this issue, which is a follow-up on
CVE-2014-1609 (the released fix of which was incomplete).

[1] http://www.mantisbt.org/bugs/view.php?id=16880
[2] http://www.mantisbt.org/bugs/view.php?id=17812

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ