NASLDB: RT < 3.8.12 / 4.0.6 Multiple Vulnerabilities
General
ID: 61434
Name: RT < 3.8.12 / 4.0.6 Multiple Vulnerabilities
Summary: Checks the version of RT
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
According to its self-reported version number, the installation of RT
(Request Tracker) hosted on the remote web server is affected by
multiple vulnerabilities:
– The application’s ‘vulnerable-passwords’ script in RT
versions 3.x and above fails to upgrade passwords of
disabled users. (CVE-2011-2082)
– RT versions 3.x and above are prone to multiple
cross-site scripting vulnerabilities. An attacker can
utilize these to execute script code with the user’s
credentials. (CVE-2011-2083)
– RT versions 3.x and above are prone to multiple
information disclosure vulnerabilities.
(CVE-2011-2084)
– All publicly released versions of the application are
vulnerable to cross-site request forgery (CSRF).
(CVE-2011-2085)
– RT versions 3.6.x and above are affected by a remote
code execution vulnerability if the optional VERP
configuration options ($VERPPrefix and $VERPDomain)
are enabled. (CVE-2011-4458)
– RT versions 3.x and above may allow rights that a user
only has by way of a currently-disabled group.
(CVE-2011-4459)
– RT versions 2.x and above are vulnerable to SQL
injection attacks that can allow privileged users to
obtain arbitrary information from the database.
(CVE-2011-4460)
– RT versions 3.8.x / 4.x and above allow remote attackers
to execute arbitrary code and gain privileges via
unspecified vectors. (CVE-2011-5092)
– RT versions 4.x and above do not properly implement the
‘DisallowExecuteCode’ option, which allows remote,
authenticated users to bypass intended access
restrictions and execute arbitrary code by leveraging
access to a privileged account. (CVE-2011-5093)
Note that Nessus has not tested for these issues but has relied only
on the application’s self-reported version number.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2011-2082
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/22
Patch Release: 2012/05/22
Plugin Release: 2012/08/06
Plugin
Version: 1.3
Filename: rt_3_8_12_or_4_0_6.nasl
Filesize: 5587 bytes
MD5 Hash: e86f32b378ad84776dc871157ee37b11
Identification: –
Require Keys: "www/rt", "Settings/ParanoidReport"
Dependencies: "rt_detect.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.