[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20140208134950.GI10484@core.inversepath.com>
Date: Sat, 8 Feb 2014 14:49:50 +0100
From: Andrea Barisani <lcars@...rt.org>
To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org,
bugtraq@...urityfocus.com
Subject: [oCERT-2014-001] MantisBT input sanitization errors
#2014-001 MantisBT input sanitization errors
Description:
The MantisBT web-based bugtracking system suffers from SQL injection
vulnerabilities caused by insufficient input sanitization.
The MantisBT SOAP API uses the unsafe db_query() function allowing a
specially crafted tag within the envelope of a mc_issue_attachment_get SOAP
request to inject arbitrary SQL queries.
The reporting of this specific issue was followed by an investigation that
lead to additional cases of unsafe db_query() function use, being found by
MantisBT maintainers, throughout MantisBT code.
Affected version:
MantisBT >= 1.1.0a4, <= 1.2.15
Fixed version:
MantisBT >= 1.2.16
Credit: vulnerability report received from Martin Herfurt <martin.herfurt AT
nruns.com>.
CVE: CVE-2014-1608 (SOAP), CVE-2014-1609 (additional SQL injections)
Timeline:
2014-01-17: vulnerability report received
2014-01-17: contacted MantisBT maintainer
2014-01-17: maintainer provides patch for review
2014-01-18: contacted affected vendors
2014-01-19: assigned CVEs
2014-02-08: MantisBT 1.2.16 released
2014-02-08: advisory release
References:
http://www.mantisbt.org
http://www.mantisbt.org/bugs/view.php?id=16879
http://www.mantisbt.org/bugs/view.php?id=16880
http://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
http://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
Permalink:
http://www.ocert.org/advisories/ocert-2014-001.html
--
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
<lcars@...rt.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
Powered by blists - more mailing lists