Bug 844454 (CVE-2012-2770) - CVE-2012-2770 RT::Authen::ExternalAuth: RSS feed URL session hijacking
Summary: CVE-2012-2770 RT::Authen::ExternalAuth: RSS feed URL session hijacking
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2770
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20120725,repor...
Depends On: 844456 844457
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-30 17:36 UTC by Kurt Seifried
Modified: 2019-06-08 19:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-11 09:16:45 UTC


Attachments (Terms of Use)

Description Kurt Seifried 2012-07-30 17:36:13 UTC
Best Practical reports:

We have determined a number of security vulnerabilities in commonly installed RT extensions, enumerated below. You can determine which, if any, of these extensions your RT installation is using by navigating to Configuration → Tools → System Configuration, and examining the "Plugins" configuration setting.

We have released updated versions of each vulnerable extension. Installation instructions for each are included in a README file in each extension's tarball. You need only download and upgrade these extensions if you have a previous version of them installed; RT installations with none of the below extensions installed are not vulnerable, and do not need to take action.

RT::Authen::ExternalAuth 0.10 and below (for all versions of RT) are vulnerable to an escalation of privilege attack where the URL of a RSS feed of the user can be used to acquire a fully logged-in session as that user. CVE-2012-2770 has been assigned to this vulnerability.

Users of RT 3.8.2 and above should upgrade to RT::Authen::ExternalAuth 0.11, which resolves this vulnerability. Because users of RT 3.8.1 cannot run RT::Authen::ExternalAuth later then 0.08 (due to bugs in plugin handling code in RT 3.8.1), we are also providing a patch which applies to RT::Authen::ExternalAuth 0.08. This patch should only be applied if you are running RT 3.8.1 and RT::Authen::ExternalAuth 0.08. Instructions for applying the patch can be found in the patch file itself.

References:
http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html
http://cpan.metacpan.org/authors/id/A/AL/ALEXMV/RT-Authen-ExternalAuth-0.11.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-authen-externalauth-0.08.patch

Comment 1 Kurt Seifried 2012-07-30 17:42:02 UTC
Created perl-RT-Authen-ExternalAuth tracking bugs for this issue

Affects: fedora-all [bug 844456]

Comment 2 Kurt Seifried 2012-07-30 17:42:47 UTC
Created perl-RT-Authen-ExternalAuth tracking bugs for this issue

Affects: epel-6 [bug 844457]

Comment 3 Fedora Update System 2012-10-12 19:55:06 UTC
perl-RT-Authen-ExternalAuth-0.08-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Kurt Seifried 2012-12-11 09:16:07 UTC
perl-RT-Authen-ExternalAuth-0.11-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Kurt Seifried 2012-12-11 09:16:23 UTC
perl-RT-Authen-ExternalAuth-0.11-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.