RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 6841

Synopsis

The remote host is running a web application that is vulnerable to several attack vectors.

Description

Versions of Request Tracker earlier than 3.8.17 and 4.0.13 are affected by the following vulnerabilities:

- The rt command line tool uses semi-predictable temporary files. A malicious user can use this flaw to overwrite files with the permissions of the user running the rt command line tool. (CVE-2013-3368)
- A malicious user who is allowed to see administration pages can run arbitrary Mason components (without control of arguments), which may have negative side-effects. (CVE-2013-3369)
- RT allows direct requests to private callback components, which could be used to exploit a Request Tracker extension or a local callback which uses the arguments passed to it insecurely. (CVE-2013-3370)
- Cross-site scripting attacks via attachment filenames. (CVE-2013-3371)
- HTTP header injection limited to the value of the Content-Disposition header. (CVE-2013-3372)
- A MIME header injection in outgoing email is possible via email templates. (Stock templates are resolved by updates, but any custom email templates should be updated to ensure that values interpolated into mail headers do not contain newlines.) (CVE-2013-3373)
- Request Tracker is vulnerable to limited session re-use when using the file-based session store, Apache::Session::File. However, Request Tracker's default session configuration only uses Apache::Session::File when configured for Oracle databases. (CVE-2013-3374)
- RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. (CVE-2012-4733)
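
For the custom email templates mentioned under CVE-2013-3373, the following added example (not part of the plugin or of RT) lists the header lines of a template that interpolate a value, and shows a helper that keeps such a value on one line. It assumes a template is a block of header lines ended by the first blank line, with values interpolated in `{ ... }` blocks; the sample template, `audit_template` and `header_safe` are constructed for illustration.

```python
import re

HEADER = re.compile(r"^([A-Za-z0-9-]+):(.*)$")

def audit_template(text):
    """Return (line_no, header_name) for each header line that interpolates a value."""
    findings, current = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            break                      # first blank line ends the header block
        m = HEADER.match(line)
        if m:
            current, value = m.group(1), m.group(2)
        elif line[0] in " \t" and current:
            value = line               # folded continuation of the previous header
        else:
            continue
        if "{" in value:               # assumption: values are interpolated in {...}
            findings.append((no, current))
    return findings

def header_safe(value):
    """Collapse CR/LF (plus any folding whitespace) so the value stays on one line."""
    return re.sub(r"[\r\n]+[ \t]*", " ", str(value)).strip()

# Constructed sample template, not taken from any RT installation.
SAMPLE = """\
Subject: [ticket] { $Ticket->Subject }
X-Queue:
  { $Ticket->QueueObj->Name }
Content-Type: text/plain

Body text { $Transaction->Content }
"""

if __name__ == "__main__":
    for no, name in audit_template(SAMPLE):
        print(f"line {no}: header {name} interpolates a value; strip newlines from it")
    print(repr(header_safe("Printer broken\r\nX-Injected: 1")))
```

Each reported header is a place where the interpolated value needs its newlines removed before the mail is sent; interpolations in the body are not reported because they cannot add headers.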

Solution

Upgrade to RT 3.8.17, 4.0.13, or later.

See Also

http://www.bestpractical.com/rt/release-notes/3.8.17

http://www.bestpractical.com/rt/release-notes/4.0.13

Plugin Details

Severity: Medium

ID: 6841

File Name: 6841.prm

Family: CGI

Published: 2013/05/24

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 68996

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2013/05/22

Vulnerability Publication Date: 2013/05/22

Reference Information

CVE: CVE-2012-4733, CVE-2013-3368, CVE-2013-3369, CVE-2013-3370, CVE-2013-3371, CVE-2013-3372, CVE-2013-3373, CVE-2013-3374

BID: 60083, 60091, 60093, 60094, 60095, 60096, 60105, 60106, 62014