Bug 169220 - File inclusion, upload, XSS, and SQL injection vulnerabilities
Summary: File inclusion, upload, XSS, and SQL injection vulnerabilities
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mantis
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Gianluca Sforna
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-09-25 09:26 UTC by Ville Skyttä
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

Fixed In Version: 0.19.4-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-20 22:51:44 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Ville Skyttä 2005-09-25 09:26:36 UTC 
http://secunia.com/advisories/16506/
http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml
Comment 1 Ville Skyttä 2005-10-22 07:38:26 UTC 
ping
Comment 2 Ville Skyttä 2005-10-26 21:13:17 UTC 
...and the newest one, rated highly critical: 
http://secunia.com/advisories/16818/
Comment 3 Ville Skyttä 2005-12-22 22:26:31 UTC 
There's more: 0.19.4 fixes:

- #0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
- #0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002)
(thraxisp)
- #0006457: [security] SQL Injection in manage user page (TKADV2005-11-002)
(vboctor)
- #0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- #0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002)
(thraxisp)

http://seclists.org/lists/fulldisclosure/2005/Dec/1214.html
Comment 4 Roozbeh Pournader 2006-01-02 10:37:54 UTC 
Extras currently has mantis-0.19.4-1.fc4. So most of these are irrelevant.

> http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml

This is only for < 0.19.2.

> http://secunia.com/advisories/16818/

This is only for < 0.19.3.

> http://seclists.org/lists/fulldisclosure/2005/Dec/1214.html

Again, these are for < 0.19.4.

> http://secunia.com/advisories/16506/

In this, it says that from the five vulnerabilities listed, three are fixed in
0.19.3. Ville, would you please investigate the other two (#3 and #4 in the
referred page) further?
Comment 5 Ville Skyttä 2006-01-02 15:55:14 UTC 
(In reply to comment #4)
> Extras currently has mantis-0.19.4-1.fc4. So most of these are irrelevant.

They were not irrelevant at the time I reported them :)

> Ville, would you please investigate the other two (#3 and #4 in the
> referred page) further?

Sorry, I don't have time for that (I don't have any use for mantis myself); I'm
just reporting security bugs I happen to notice somewhere that don't seem to be
fixed in Extras.
Comment 6 Dennis Gilmore 2006-03-09 19:12:19 UTC 
Enrico  can i please ask you to check on the last few remaining issues here 
please?
Comment 7 Dennis Gilmore 2006-09-15 15:03:23 UTC 
Enrico,

Please ensure that all issues are fixed.  

If not I will request that mantis be removed from extras for FC-6
Comment 8 Ville Skyttä 2006-10-10 17:48:21 UTC 
Reassign to current maintainer.
Comment 9 Gianluca Sforna 2006-10-20 22:51:44 UTC 
I had a look at the reports: what I understand is that all issues are addressed
in the currently distributed versions.

The only unsure reports are #3 and #4 in

http://secunia.com/advisories/16506/

but it looks like they are not detailed enough to understand how/if the app is
vulnerable.

closing CURRENTRELEASE
Note You need to log in before you can comment on or make changes to this bug.