
Test ID: 1.3.6.1.4.1.25623.1.0.71539
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: mantis
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: mantis

CVE-2012-2691
The mc_issue_note_update function in the SOAP API in MantisBT before
1.2.11 does not properly check privileges, which allows remote
attackers with bug reporting privileges to edit arbitrary bugnotes via
a SOAP request.
CVE-2012-2692
MantisBT before 1.2.11 does not check the delete_attachments_threshold
permission when form_security_validation is set to OFF, which allows
remote authenticated users with certain privileges to bypass intended
access restrictions and delete arbitrary attachments.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-2691
49414
http://secunia.com/advisories/49414
51199
http://secunia.com/advisories/51199
53907
http://www.securityfocus.com/bid/53907
56467
http://www.securityfocus.com/bid/56467
FEDORA-2012-18273
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
FEDORA-2012-18294
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
FEDORA-2012-18299
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
GLSA-201211-01
http://security.gentoo.org/glsa/glsa-201211-01.xml
[oss-security] 20120609 CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11
http://www.openwall.com/lists/oss-security/2012/06/09/1
[oss-security] 20120611 Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11
http://www.openwall.com/lists/oss-security/2012/06/11/6
http://www.mantisbt.org/bugs/changelog_page.php?version_id=148
http://www.mantisbt.org/bugs/view.php?id=14340
https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0
https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e
mantisbt-soapapi-sec-bypass(76180)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76180
Common Vulnerability Exposure (CVE) ID: CVE-2012-2692
53921
http://www.securityfocus.com/bid/53921
http://www.mantisbt.org/bugs/view.php?id=14016
https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c
Copyright: Copyright (C) 2012 E-Soft Inc.





© 1998-2025 E-Soft Inc. All rights reserved.