lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1029242982.18539.17.camel@atlas>
From: tharbad at kaotik.org (Joao Gouveia)
Subject: mantisbt security flaw

Hi,

Mantis is php/MySQL/web based bug tracking system, available at
http://mantisbt.sourceforge.net/.
It currently suffers from a classical PHP bad coding practice (altough i
would bet on distraction for this particular situation ), that may
result on remote command execution via a include file.

Users affected should aply the quick fix bellow, other acordingly, or
update mantisbt via CVS.
Affected versions should include the latest available for download ( at
the time of writing, 0.17.3), as well as the previous ones that include
the jpgraph feature.


Regards,

Joao Gouveia
------------
tharbad@...tik.org


-----Original Message-----
From: mantisbt-announce-admin@...ts.sourceforge.net
[mailto:mantisbt-announce-admin@...ts.sourceforge.net] On Behalf Of
Kenzaburo Ito
Sent: Tuesday, August 13, 2002 02:34
To: mantisbt-announce@...ts.sourceforge.net
Subject: [Mantisbt-announce] Security Advisory


All,

There is a security hole in summary_graph_functions.php.  Users may be
able to run code remotely.  To fix, insert these lines at the top:

if ( isset($HTTP_GET_VARS['g_jpgraph_path']) ||
        isset($HTTP_POST_VARS['g_jpgraph_path']) ||
        isset($HTTP_COOKIE_VARS['g_jpgraph_path']) ) {
                exit;
}

Thanks go to Joao Gouveia: tharbad@...tik.org

Thanks,
-Ken






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ