
Debian 7 DSA-2670-1 Moderate Security Update for Request Tracker

May 22, 2013
Debian Security Advisory

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

Summary

CVE-2013-3368

The rt command line tool uses semi-predictable temporary files. A
malicious user can use this flaw to overwrite files with permissions
of the user running the rt command line tool.

CVE-2013-3369

A malicious user who is allowed to see administration pages can run
arbitrary Mason components (without control of arguments), which may
have negative side effects.

CVE-2013-3370

Request Tracker allows direct requests to private callback
components, which could be used to exploit a Request Tracker
extension or a local callback which uses the arguments passed to it
insecurely.

CVE-2013-3371

Request Tracker is vulnerable to cross-site scripting attacks via
attachment filenames.

CVE-2013-3372

Dominic Hargreaves discovered that Request Tracker is vulnerable to
an HTTP header injection limited to the value of the
Content-Disposition header.

CVE-2013-3373

Request Tracker is vulnerable to a MIME header injection in outgoing
email generated...


Package: request-tracker3.8
CVE ID: CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371
