Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Gentoo: GLSA-202311-02 Normal: MantisBT Local File Existence Vulnerability

gentoo
Calendar Grey November 8, 2012
Dist Gentoo Esm H88
Numerous security flaws identified in MantisBT could lead to local file inclusion and directory traversal exploits on Gentoo platforms.
Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.

Summary

Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo directory traversal web application file inclusion normal mantisbt

Resolution

All MantisBT users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"

References

[ 1 ] CVE-2010-3303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303 [ 2 ] CVE-2010-3763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763 [ 3 ] CVE-2010-4348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348 [ 4 ] CVE-2010-4349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349 [ 5 ] CVE-2010-4350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350 [ 6 ] CVE-2011-2938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938 [ 7 ] CVE-2011-3356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356 [ 8 ] CVE-2011-3357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357 [ 9 ] CVE-2011-3358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358 [ 10 ] CVE-2011-3578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578 [ 11 ] CVE-2011-3755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755 [ 12 ] CVE-2012-1118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118 [ 13 ] CVE-2012-1119 http://nvd.nist.gov/nvd.cfm?cvena...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201211-01
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: MantisBT: Multiple vulnerabilities
Date: November 08, 2012
Bugs: #348761, #381417, #386153, #407121, #420375
ID: 201211-01

Topics%20covered

Topics Covered

security advisory gentoo directory traversal web application file inclusion normal mantisbt

Synopsis

Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.

Background

MantisBT is a PHP/MySQL/Web based bugtracking system.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mantisbt < 1.2.11 >= 1.2.11

Impact

===== A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.

Workaround

There is no known workaround at this time.

Related News

Your message here