RT 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The version of RT on the remote host is affected by multiple
vulnerabilities.

Description :

According to its self-reported version number, the installation of RT
(Request Tracker) hosted on the remote web server is affected by the
following vulnerabilities :

- A flaw exists that allows users with 'ModifyTicket' to
gain access to 'DeleteTicket' privileges.
(CVE-2012-4733)

- A flaw exists where the 'rt' command-line tool uses
predictable temporary files. (CVE-2013-3368)

- An unspecified error exists when calling arbitrary
'Mason' components without the control of arguments.
(CVE-2013-3369)

- A flaw exists where the program doesn't restrict direct
requests to private callback components. (CVE-2013-3370)

- A cross-site scripting issue exists related to
attachment filenames. (CVE-2013-3371)

- An HTTP header injection issue exists related to
the 'Content-Disposition' header. (CVE-2013-3372)

- A MIME header injection issue exists related to
custom email templates in outgoing email.
(CVE-2013-3373)

- An information disclosure issue exists due to
re-use of session store. (CVE-2013-3374)

- A flaw exists related to the 'MakeClicky' component
and URLs in tickets that could allow cross-site
scripting attacks. A successful attack requires that
the 'MakeClicky' component be configured. Note this
flaw only affects the Request Tracker (RT) 4.x branch.
(CVE-2013-5587)

Note that Nessus has not tested for the issues, but instead has relied
on the application's self-reported version number.

See also :

http://www.nessus.org/u?4c8a91ea
http://www.nessus.org/u?e79fb8ab
http://seclists.org/fulldisclosure/2013/May/123

Solution :

Upgrade to RT 3.8.17 / 4.0.13 or apply the patch listed in the
advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false