Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.71478 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2500-1 (mantis) |
Summary: | The remote host is missing an update to mantis;announced via advisory DSA 2500-1. |
Description: | Summary: The remote host is missing an update to mantis announced via advisory DSA 2500-1. Vulnerability Insight: Several vulnerabilities were discovered in Mantis, am issue tracking system. CVE-2012-1118 Mantis installation in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions. CVE-2012-1119 Copy/clone bug report actions fail to leave an audit trail. CVE-2012-1120 The delete_bug_threshold/bugnote_allow_user_edit_delete access check can be bypassed by users who have write access to the SOAP API. CVE-2012-1122 Mantis performed access checks incorrectly when moving bugs between projects. CVE-2012-1123 A SOAP client sending a null password field can authenticate as the Mantis administrator. CVE-2012-2692 Mantis does not check the delete_attachments_threshold permission when a user attempts to delete an attachment from an issue. For the stable distribution (squeeze), these problems have been fixed in version 1.1.8+dfsg-10squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.2.11-1. Solution: We recommend that you upgrade your mantis packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1118 BugTraq ID: 52313 http://www.securityfocus.com/bid/52313 Debian Security Information: DSA-2500 (Google Search) http://www.debian.org/security/2012/dsa-2500 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html http://security.gentoo.org/glsa/glsa-201211-01.xml http://www.openwall.com/lists/oss-security/2012/03/06/9 http://secunia.com/advisories/48258 http://secunia.com/advisories/49572 http://secunia.com/advisories/51199 Common Vulnerability Exposure (CVE) ID: CVE-2012-1119 Common Vulnerability Exposure (CVE) ID: CVE-2012-1120 Common Vulnerability Exposure (CVE) ID: CVE-2012-1122 Common Vulnerability Exposure (CVE) ID: CVE-2012-1123 Common Vulnerability Exposure (CVE) ID: CVE-2012-2692 BugTraq ID: 53921 http://www.securityfocus.com/bid/53921 http://www.openwall.com/lists/oss-security/2012/06/09/1 http://www.openwall.com/lists/oss-security/2012/06/11/6 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |