Bug 828512 - (CVE-2011-5092) CVE-2011-5092 rt3: remote arbitrary code execution and privilege elevation flaw
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 828517
Reported: 2012-06-04 16:09 EDT by Vincent Danen
Modified: 2015-08-24 11:55 EDT (History)
Doc Type: Bug Fix
Last Closed: 2015-08-24 11:55:38 EDT
Description Vincent Danen 2012-06-04 16:09:12 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5092 to
the following vulnerability:

Name: CVE-2011-5092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5092
Assigned: 20120604
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
Reference: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6
allows remote attackers to execute arbitrary code and gain privileges
via unspecified vectors, a different vulnerability than CVE-2011-4458
and CVE-2011-5093.

Current Fedora has 3.8.12 (3.8.13 in testing); however, EPEL6 currently provides 3.8.10 and requires an update. It's not specified as to whether 3.6.x is affected (which is what is shipped in EPEL5).
Comment 1 Vincent Danen 2012-06-04 16:14:00 EDT
Created rt3 tracking bugs for this issue

Affects: epel-6 [bug 828517]
Comment 2 Fedora Update System 2012-07-31 12:58:25 EDT
rt3-3.8.13-1.el6.2 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Tomas Hoger 2014-08-08 11:24:38 EDT
(In reply to Vincent Danen from comment #0)
> It's not specified as to whether 3.6.x is affected (which is what is
> shipped in EPEL5).

This CVE is not mentioned in upstream announcements at all, and is apparently a split off from CVE-2011-4458 mentioned by upstream:

  RT versions 3.6.1 and above are vulnerable to a remote execution of code
  vulnerability if the optional VERP configuration options ($VERPPrefix
  and $VERPDomain) are enabled.  RT 3.8.0 and higher are vulnerable to a
  limited remote execution of code which can be leveraged for privilege
  escalation.  RT 4.0.0 and above contain a vulnerability in the global
  $DisallowExecuteCode option, allowing sufficiently privileged users to
  still execute code even if RT was configured to not allow it.
  CVE-2011-4458 is assigned to this set of vulnerabilities.

As CVE-2011-4458 was used for 3 separate issues, each affecting different versions, it got split by Mitre as:

- CVE-2011-4458 for the VERP issue, affecting 3.6.1+
- CVE-2011-5092 for the limited code execution issue in 3.8.0+
- CVE-2011-5093 for the DisallowExecuteCode issue in 4.0.0+

Hence this CVE-2011-5092 should not apply to 3.6.x in EPEL-5, but the CVE-2011-4458 (bug 824082) should, and remains unfixed.
