Bug 828512 (CVE-2011-5092) - CVE-2011-5092 rt3: remote arbitrary code execution and privilege elevation flaw
Summary: CVE-2011-5092 rt3: remote arbitrary code execution and privilege elevation flaw
Alias: CVE-2011-5092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 828517
Reported: 2012-06-04 20:09 UTC by Vincent Danen
Modified: 2019-09-29 12:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-08-24 15:55:38 UTC

Description Vincent Danen 2012-06-04 20:09:12 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5092 to
the following vulnerability:

Name: CVE-2011-5092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5092
Assigned: 20120604
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6
allows remote attackers to execute arbitrary code and gain privileges
via unspecified vectors, a different vulnerability than CVE-2011-4458
and CVE-2011-5093.

Current Fedora has 3.8.12 (3.8.13 in testing), however EPEL6 currently provides 3.8.10 and requires an update.  It's not specified as to whether 3.6.x is affected (which is what is shipped in EPEL5).

Comment 1 Vincent Danen 2012-06-04 20:14:00 UTC
Created rt3 tracking bugs for this issue

Affects: epel-6 [bug 828517]

Comment 2 Fedora Update System 2012-07-31 16:58:25 UTC
rt3-3.8.13-1.el6.2 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Tomas Hoger 2014-08-08 15:24:38 UTC
(In reply to Vincent Danen from comment #0)
> It's not specified as to whether 3.6.x is affected (which is what is
> shipped in EPEL5).

This CVE is not mentioned in upstream announcements at all, and is apparently a split off from CVE-2011-4458 mentioned by upstream:

  RT versions 3.6.1 and above are vulnerable to a remote execution of code
  vulnerability if the optional VERP configuration options ($VERPPrefix
  and $VERPDomain) are enabled.  RT 3.8.0 and higher are vulnerable to a
  limited remote execution of code which can be leveraged for privilege
  escalation.  RT 4.0.0 and above contain a vulnerability in the global
  $DisallowExecuteCode option, allowing sufficiently privileged users to
  still execute code even if RT was configured to not allow it.
  CVE-2011-4458 is assigned to this set of vulnerabilities.

As CVE-2011-4458 was used for 3 separate issues, each affecting different versions, it got split by Mitre as:

- CVE-2011-4458 for the VERP issue, affecting 3.6.1+
- CVE-2011-5092 for the limited code execution issue in 3.8.0+
- CVE-2011-5093 for the DisallowExecuteCode issue in 4.0.0+

Hence this CVE-2011-5092 should not apply to 3.6.x in EPEL-5, but the CVE-2011-4458 (bug 824082) should, and remains unfixed.
