{"id": "DEBIAN_DSA-2150.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-2150-1 : request-tracker3.6 - unsalted password hashing", "description": "It was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker would have access to the password\ndatabase, he could decode the passwords stored in it.", "published": "2011-01-25T00:00:00", "modified": "2011-01-25T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/51665", "reporter": "This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2011/dsa-2150"], "cvelist": ["CVE-2011-0009"], "type": "nessus", "lastseen": "2021-01-06T09:46:14", "edition": 16, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0009"]}, {"type": "openvas", "idList": ["OPENVAS:71358", "OPENVAS:136141256231068988", "OPENVAS:71367", "OPENVAS:136141256231071358", "OPENVAS:1361412562310103039", "OPENVAS:68988", "OPENVAS:136141256231071367", "OPENVAS:103039"]}, {"type": "debian", "idList": ["DEBIAN:BSA-022:C2F48", "DEBIAN:DSA-2480-1:C857B", "DEBIAN:DSA-2150-1:2F311", "DEBIAN:BSA-071:FB1AC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11372", "SECURITYVULNS:DOC:25528", "SECURITYVULNS:DOC:28114"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2480.NASL", "FEDORA_2011-1677.NASL", "FREEBSD_PKG_E0A969E4A51211E190B4E0CB4E266481.NASL"]}, {"type": "fedora", "idList": ["FEDORA:2E4291112B0"]}, {"type": "freebsd", "idList": ["E0A969E4-A512-11E1-90B4-E0CB4E266481"]}], "modified": "2021-01-06T09:46:14", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-01-06T09:46:14", "rev": 2}, "vulnersScore": 5.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2150. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51665);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0009\");\n script_xref(name:\"DSA\", value:\"2150\");\n\n script_name(english:\"Debian DSA-2150-1 : request-tracker3.6 - unsalted password hashing\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker would have access to the password\ndatabase, he could decode the passwords stored in it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2150\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the Request Tracker packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:request-tracker3.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"request-tracker3.6\", reference:\"3.6.7-5+lenny5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "51665", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:request-tracker3.6"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:39:02", "description": "Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.", "edition": 5, "cvss3": {}, "published": "2011-01-25T19:00:00", "title": "CVE-2011-0009", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0009"], "modified": "2011-07-20T04:00:00", "cpe": ["cpe:/a:bestpractical:rt:3.6.0", "cpe:/a:bestpractical:rt:3.1.10", "cpe:/a:bestpractical:rt:3.8.5", "cpe:/a:bestpractical:rt:3.7.85", "cpe:/a:bestpractical:rt:3.7.1", "cpe:/a:bestpractical:rt:3.5.7", "cpe:/a:bestpractical:rt:3.0.5", "cpe:/a:bestpractical:rt:3.6.9", "cpe:/a:bestpractical:rt:3.0.6", "cpe:/a:bestpractical:rt:3.0.11", "cpe:/a:bestpractical:rt:3.1.14", "cpe:/a:bestpractical:rt:3.1.12", "cpe:/a:bestpractical:rt:3.1.8", "cpe:/a:bestpractical:rt:3.4.2", "cpe:/a:bestpractical:rt:3.4.0", "cpe:/a:bestpractical:rt:3.6.5", "cpe:/a:bestpractical:rt:3.1.7", "cpe:/a:bestpractical:rt:3.0.10", "cpe:/a:bestpractical:rt:3.0.9", "cpe:/a:bestpractical:rt:3.0.7.1", "cpe:/a:bestpractical:rt:3.1.6", "cpe:/a:bestpractical:rt:3.8.1", "cpe:/a:bestpractical:rt:3.0.3", "cpe:/a:bestpractical:rt:3.6.4", "cpe:/a:bestpractical:rt:3.2.1", "cpe:/a:bestpractical:rt:3.1.4", "cpe:/a:bestpractical:rt:3.0.2", "cpe:/a:bestpractical:rt:3.1.16", "cpe:/a:bestpractical:rt:3.6.1", "cpe:/a:bestpractical:rt:3.4.5", "cpe:/a:bestpractical:rt:3.5.3", "cpe:/a:bestpractical:rt:3.0.8", "cpe:/a:bestpractical:rt:3.8.6", "cpe:/a:bestpractical:rt:3.8.8", "cpe:/a:bestpractical:rt:3.0.7", "cpe:/a:bestpractical:rt:3.7.86", "cpe:/a:bestpractical:rt:3.2.3", "cpe:/a:bestpractical:rt:3.5.4", "cpe:/a:bestpractical:rt:3.4.3", "cpe:/a:bestpractical:rt:3.2.0", "cpe:/a:bestpractical:rt:3.8.9", "cpe:/a:bestpractical:rt:3.8.3", "cpe:/a:bestpractical:rt:4.0.0", "cpe:/a:bestpractical:rt:3.8.7", "cpe:/a:bestpractical:rt:3.1.11", "cpe:/a:bestpractical:rt:3.7.80", "cpe:/a:bestpractical:rt:3.1.5", "cpe:/a:bestpractical:rt:3.4.7", "cpe:/a:bestpractical:rt:3.0.12", "cpe:/a:bestpractical:rt:3.8.4", "cpe:/a:bestpractical:rt:3.6.3", "cpe:/a:bestpractical:rt:3.8.2", "cpe:/a:bestpractical:rt:3.7.5", "cpe:/a:bestpractical:rt:3.0.0", "cpe:/a:bestpractical:rt:3.0.1", "cpe:/a:bestpractical:rt:3.1.15", "cpe:/a:bestpractical:rt:3.4.4", "cpe:/a:bestpractical:rt:3.5.5", "cpe:/a:bestpractical:rt:3.1.13", "cpe:/a:bestpractical:rt:3.6.8", "cpe:/a:bestpractical:rt:3.2.2", "cpe:/a:bestpractical:rt:3.4.6", "cpe:/a:bestpractical:rt:3.6.7", "cpe:/a:bestpractical:rt:3.6.2", "cpe:/a:bestpractical:rt:3.5.1", "cpe:/a:bestpractical:rt:3.6.6", "cpe:/a:bestpractical:rt:3.4.1", "cpe:/a:bestpractical:rt:3.1.17", "cpe:/a:bestpractical:rt:3.5.6", "cpe:/a:bestpractical:rt:3.1.3", "cpe:/a:bestpractical:rt:3.5.2", "cpe:/a:bestpractical:rt:3.0.4", "cpe:/a:bestpractical:rt:3.8.0", "cpe:/a:bestpractical:rt:3.1.2"], "id": "CVE-2011-0009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0009", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-09-04T14:20:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0009"], "description": "Request Tracker is prone to an information-disclosure vulnerability\nbecause it fails to securely store passwords.\n\nSuccessful attacks can allow a local attacker to gain access to the\nstored passwords.\n\nRequest Tracker 3.6.x and 3.8.x are affected; other versions may also\nbe vulnerable.", "modified": "2017-08-28T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:103039", "href": "http://plugins.openvas.org/nasl.php?oid=103039", "type": "openvas", "title": "Request Tracker Password Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_rt_45959.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Request Tracker Password Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Request Tracker is prone to an information-disclosure vulnerability\nbecause it fails to securely store passwords.\n\nSuccessful attacks can allow a local attacker to gain access to the\nstored passwords.\n\nRequest Tracker 3.6.x and 3.8.x are affected; other versions may also\nbe vulnerable.\";\n\ntag_solution = \"Updates are available. Please see the references for details.\";\n\nif (description)\n{\n script_id(103039);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 13:11:38 +0100 (Mon, 24 Jan 2011)\");\n script_bugtraq_id(45959);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-0009\");\n\n script_name(\"Request Tracker Password Information Disclosure Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"https://www.securityfocus.com/bid/45959\");\n script_xref(name : \"URL\" , value : \"http://www.bestpractical.com/rt/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"rt_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif (!can_host_php(port:port)) exit(0);\n\nif(vers = get_version_from_kb(port:port,app:\"rt_tracker\")) {\n\n if(version_in_range(version: vers, test_version: \"3.6\", test_version2: \"3.6.7\") ||\n version_in_range(version: vers, test_version: \"3.8\", test_version2: \"3.8.8\") ) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0009"], "description": "The remote host is missing an update to request-tracker3.6\nannounced via advisory DSA 2150-1.", "modified": "2017-07-07T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:68988", "href": "http://plugins.openvas.org/nasl.php?oid=68988", "type": "openvas", "title": "Debian Security Advisory DSA 2150-1 (request-tracker3.6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2150_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2150-1 (request-tracker3.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker would have access to the password\ndatabase, he could decode the passwords stored in it.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny5.\n\nThe testing distribution (squeeze) will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.8.8-7 of the request-tracker3.8 package.\n\nWe recommend that you upgrade your Request Tracker packages.\";\ntag_summary = \"The remote host is missing an update to request-tracker3.6\nannounced via advisory DSA 2150-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202150-1\";\n\n\nif(description)\n{\n script_id(68988);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-0009\");\n script_name(\"Debian Security Advisory DSA 2150-1 (request-tracker3.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"request-tracker3.6\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rt3.6-apache2\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rt3.6-clients\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rt3.6-db-mysql\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rt3.6-db-postgresql\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rt3.6-db-sqlite\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-05-12T17:32:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0009"], "description": "Request Tracker is prone to an information-disclosure vulnerability\n because it fails to securely store passwords.", "modified": "2020-05-08T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:1361412562310103039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103039", "type": "openvas", "title": "Request Tracker Password Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Request Tracker Password Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103039\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 13:11:38 +0100 (Mon, 24 Jan 2011)\");\n script_bugtraq_id(45959);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-0009\");\n\n script_name(\"Request Tracker Password Information Disclosure Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/45959\");\n script_xref(name:\"URL\", value:\"http://www.bestpractical.com/rt/\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"rt_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"RequestTracker/installed\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"Request Tracker is prone to an information-disclosure vulnerability\n because it fails to securely store passwords.\");\n\n script_tag(name:\"impact\", value:\"Successful attacks can allow a local attacker to gain access to the\n stored passwords.\");\n\n script_tag(name:\"affected\", value:\"Request Tracker 3.6.x and 3.8.x are affected. Other versions may also\n be vulnerable.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = http_get_port(default:80);\n\nif(vers = get_version_from_kb(port:port,app:\"rt_tracker\")) {\n if(version_in_range(version: vers, test_version: \"3.6\", test_version2: \"3.6.7\") ||\n version_in_range(version: vers, test_version: \"3.8\", test_version2: \"3.8.8\") ) {\n security_message(port:port);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0009"], "description": "The remote host is missing an update to request-tracker3.6\nannounced via advisory DSA 2150-1.", "modified": "2019-03-18T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:136141256231068988", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068988", "type": "openvas", "title": "Debian Security Advisory DSA 2150-1 (request-tracker3.6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2150_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2150-1 (request-tracker3.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68988\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-0009\");\n script_name(\"Debian Security Advisory DSA 2150-1 (request-tracker3.6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202150-1\");\n script_tag(name:\"insight\", value:\"It was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker would have access to the password\ndatabase, he could decode the passwords stored in it.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny5.\n\nThe testing distribution (squeeze) will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.8.8-7 of the request-tracker3.8 package.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your Request Tracker packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to request-tracker3.6\nannounced via advisory DSA 2150-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"request-tracker3.6\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.6-apache2\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.6-clients\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.6-db-mysql\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.6-db-postgresql\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.6-db-sqlite\", ver:\"3.6.7-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-18T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:71367", "href": "http://plugins.openvas.org/nasl.php?oid=71367", "type": "openvas", "title": "FreeBSD Ports: rt40", "sourceData": "#\n#VID e0a969e4-a512-11e1-90b4-e0cb4e266481\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e0a969e4-a512-11e1-90b4-e0cb4e266481\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n rt40\n rt38\n\nCVE-2011-0009\nBest Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before\n4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it\neasier for context-dependent attackers to determine cleartext\npasswords via a brute-force attack on the database.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://blog.bestpractical.com/2012/05/security-vulnerabilities-in-rt.html\nhttp://www.vuxml.org/freebsd/e0a969e4-a512-11e1-90b4-e0cb4e266481.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71367);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0009\", \"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\");\n script_version(\"$Revision: 5963 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-18 11:02:14 +0200 (Tue, 18 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:50 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: rt40\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"rt40\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0\")>=0 && revcomp(a:bver, b:\"4.0.6\")<0) {\n txt += \"Package rt40 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"rt38\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.8.12\")<0) {\n txt += \"Package rt38 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:136141256231071367", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071367", "type": "openvas", "title": "FreeBSD Ports: rt40", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_rt40.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID e0a969e4-a512-11e1-90b4-e0cb4e266481\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71367\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0009\", \"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:50 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: rt40\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n rt40\n rt38\n\nCVE-2011-0009\nBest Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before\n4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it\neasier for context-dependent attackers to determine cleartext\npasswords via a brute-force attack on the database.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://blog.bestpractical.com/2012/05/security-vulnerabilities-in-rt.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/e0a969e4-a512-11e1-90b4-e0cb4e266481.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"rt40\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0\")>=0 && revcomp(a:bver, b:\"4.0.6\")<0) {\n txt += \"Package rt40 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"rt38\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.8.12\")<0) {\n txt += \"Package rt38 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "The remote host is missing an update to request-tracker3.8\nannounced via advisory DSA 2480-1.", "modified": "2017-07-07T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:71358", "href": "http://plugins.openvas.org/nasl.php?oid=71358", "type": "openvas", "title": "Debian Security Advisory DSA 2480-1 (request-tracker3.8)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2480_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2480-1 (request-tracker3.8)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Request Tracker, an issue\ntracking system:\n\nCVE-2011-2082\n\nThe vulnerable-passwords scripts introduced for CVE-2011-0009\nfailed to correct the password hashes of disabled users.\n\nCVE-2011-2083\n\nSeveral cross-site scripting issues have been discovered.\n\nCVE-2011-2084\n\nPassword hashes could be disclosed by privileged users.\n\nCVE-2011-2085\n\nSeveral cross-site request forgery vulnerabilities have been\nfound. If this update breaks your setup, you can restore the old\nbehaviour by setting $RestrictReferrer to 0.\n\nCVE-2011-4458\n\nThe code to support variable envelope return paths allowed the\nexecution of arbitrary code.\n\nCVE-2011-4459\n\nDisabled groups were not fully accounted as disabled.\n\nCVE-2011-4460\n\nSQL injection vulnerability, only exploitable by privileged users.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.8.8-7+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.5-3.\n\nWe recommend that you upgrade your request-tracker3.8 packages.\";\ntag_summary = \"The remote host is missing an update to request-tracker3.8\nannounced via advisory DSA 2480-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202480-1\";\n\nif(description)\n{\n script_id(71358);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\", \"CVE-2011-0009\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:52:03 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2480-1 (request-tracker3.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"request-tracker3.8\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-apache2\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-clients\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-mysql\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-postgresql\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-sqlite\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "The remote host is missing an update to request-tracker3.8\nannounced via advisory DSA 2480-1.", "modified": "2019-03-18T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:136141256231071358", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071358", "type": "openvas", "title": "Debian Security Advisory DSA 2480-1 (request-tracker3.8)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2480_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2480-1 (request-tracker3.8)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71358\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\", \"CVE-2011-0009\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:52:03 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2480-1 (request-tracker3.8)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202480-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Request Tracker, an issue\ntracking system:\n\nCVE-2011-2082\n\nThe vulnerable-passwords scripts introduced for CVE-2011-0009\nfailed to correct the password hashes of disabled users.\n\nCVE-2011-2083\n\nSeveral cross-site scripting issues have been discovered.\n\nCVE-2011-2084\n\nPassword hashes could be disclosed by privileged users.\n\nCVE-2011-2085\n\nSeveral cross-site request forgery vulnerabilities have been\nfound. If this update breaks your setup, you can restore the old\nbehaviour by setting $RestrictReferrer to 0.\n\nCVE-2011-4458\n\nThe code to support variable envelope return paths allowed the\nexecution of arbitrary code.\n\nCVE-2011-4459\n\nDisabled groups were not fully accounted as disabled.\n\nCVE-2011-4460\n\nSQL injection vulnerability, only exploitable by privileged users.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.8.8-7+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.5-3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your request-tracker3.8 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to request-tracker3.8\nannounced via advisory DSA 2480-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"request-tracker3.8\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-apache2\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-clients\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-mysql\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-postgresql\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rt3.8-db-sqlite\", ver:\"3.8.8-7+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:17", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0009"], "description": "Jan Wagner uploaded new packages for request-tracker3.8 which fixed the\nfollowing security problems:\n\nCVE-2011-0009\n It was discovered that Request Tracker, an issue tracking system,\n stored passwords in its database by using an insufficiently strong\n hashing method. If an attacker would have access to the password\n database, he could decode the passwords stored in it.\n\n http://security-tracker.debian.org/tracker/CVE-2011-0009\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.8.8-7~bpo50+1.\n\nFor the unstable (sid) distribution, the problem has been fixed in version \n3.8.8-7, for testing (squeeze) the fix should follow soon.\n\nUpgrade instructions\n- - --------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update the package\nmanually via &quot;apt-get -t lenny-backports install &lt;packagelist&gt;&quot; with\nthe packagelist of your installed packages affected by this update.\n[1] &lt;http://backports.debian.org/Instructions&gt;\n\nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 2, "modified": "2011-01-24T07:25:18", "published": "2011-01-24T07:25:18", "id": "DEBIAN:BSA-022:C2F48", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201101/msg00006.html", "title": "[BSA-022] Security Update for request-tracker3.8", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-11T13:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0009"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2150-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 22, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : request-tracker3.6\nVulnerability : unsalted password hashing\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-0009\n\nIt was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker would have access to the password\ndatabase, he could decode the passwords stored in it.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny5.\n\nThe testing distribution (squeeze) will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.8.8-7 of the request-tracker3.8 package.\n\nWe recommend that you upgrade your Request Tracker packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 3, "modified": "2011-01-22T11:13:37", "published": "2011-01-22T11:13:37", "id": "DEBIAN:DSA-2150-1:2F311", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00014.html", "title": "[SECURITY] [DSA 2150-1] request-tracker3.6 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-11T13:20:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2480-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : request-tracker3.8\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085 \n CVE-2011-4458 CVE-2011-4459 CVE-2011-4460\n\nSeveral vulnerabilities were discovered in Request Tracker, an issue\ntracking system:\n\nCVE-2011-2082\n\n The vulnerable-passwords scripts introduced for CVE-2011-0009\n failed to correct the password hashes of disabled users.\n\nCVE-2011-2083\n\n Several cross-site scripting issues have been discovered.\n\nCVE-2011-2084\n\n Password hashes could be disclosed by privileged users.\n\nCVE-2011-2085\n\n Several cross-site request forgery vulnerabilities have been\n found. If this update breaks your setup, you can restore the old\n behaviour by setting $RestrictReferrer to 0.\n\nCVE-2011-4458\n\n The code to support variable envelope return paths allowed the\n execution of arbitrary code.\n\nCVE-2011-4459\n\n Disabled groups were not fully accounted as disabled.\n\nCVE-2011-4460\n\n SQL injection vulnerability, only exploitable by privileged users.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.8.8-7+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.5-3.\n\nWe recommend that you upgrade your request-tracker3.8 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-05-24T17:37:26", "published": "2012-05-24T17:37:26", "id": "DEBIAN:DSA-2480-1:C857B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00117.html", "title": "[SECURITY] [DSA 2480-1] request-tracker3.8 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "Dominic Hargreaves uploaded new packages for request-tracker4 which fixed\nthe following security problems:\n\nCVE-2011-2082\n\n The vulnerable-passwords scripts introduced for CVE-2011-0009\n failed to correct the password hashes of disabled users.\n\nCVE-2011-2083\n\n Several cross-site scripting issues have been discovered. \n\nCVE-2011-2084\n\n Password hashes could be disclosed by privileged users.\n\nCVE-2011-2085\n\n Several cross-site request forgery vulnerabilities have been\n found. If this update breaks your setup, you can restore the old\n behaviour by setting $RestrictReferrer to 0.\n\nCVE-2011-4458\n\n The code to support variable envelope return paths allowed the\n execution of arbitrary code.\n\nCVE-2011-4459\n\n Disabled groups were not fully accounted as disabled.\n\nCVE-2011-4460\n\n SQL injection vulnerability, only exploitable by privileged users.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 4.0.5-3~bpo60+1.\n", "edition": 2, "modified": "2012-05-28T08:40:24", "published": "2012-05-28T08:40:24", "id": "DEBIAN:BSA-071:FB1AC", "href": "https://lists.debian.org/debian-backports-announce/2012/debian-backports-announce-201205/msg00000.html", "title": "[BSA-071] Security Update for request-tracker4", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2011-0009"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2150-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nJanuary 22, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : request-tracker3.6\r\nVulnerability : unsalted password hashing\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-0009\r\n\r\nIt was discovered that Request Tracker, an issue tracking system,\r\nstored passwords in its database by using an insufficiently strong\r\nhashing method. If an attacker would have access to the password\r\ndatabase, he could decode the passwords stored in it.\r\n\r\nFor the stable distribution &#40;lenny&#41;, this problem has been fixed in\r\nversion 3.6.7-5+lenny5.\r\n\r\nThe testing distribution &#40;squeeze&#41; will be fixed soon.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 3.8.8-7 of the request-tracker3.8 package.\r\n\r\nWe recommend that you upgrade your Request Tracker packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJNOruJAAoJEOxfUAG2iX57BzIIAMjiGZCsFvnj1UOskVYXwoKp\r\nZjrlPCH3uK3X48ujEIlZOwoIPN14aRRXq/TW3DM98LA0T58Z389AXhxc21zRtFHO\r\n6grO8CF9z4wJS1s9BalK9lqvPm1fiXbAhpUcs9nG2xGuDA0/ZRbf//wtxnDia7kK\r\n62yLGc9xbDrDmVvSM0wTB5aUW04HLC41iWHfSfMxZ68QenkZvTeVb4AC3eb3I+mK\r\nNaNa8UF2Nxpdr7j1Qr1zM3E2uzu+vp06Bh7mfksdmUP2n4biDr1v3vxmfnrDdDgQ\r\nSocES2UkRky7OBHKQzcICu5qrqiqzOJijbSVoR+8ZXf5uds6guVyh3MDzZ11Xjs=\r\n=0G00\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-01-24T00:00:00", "published": "2011-01-24T00:00:00", "id": "SECURITYVULNS:DOC:25528", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25528", "title": "[SECURITY] [DSA 2150-1] request-tracker3.6 security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-4369", "CVE-2011-0009"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2011-01-24T00:00:00", "published": "2011-01-24T00:00:00", "id": "SECURITYVULNS:VULN:11372", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11372", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2480-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 24, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : request-tracker3.8\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085 \r\n CVE-2011-4458 CVE-2011-4459 CVE-2011-4460\r\n\r\nSeveral vulnerabilities were discovered in Request Tracker, an issue\r\ntracking system:\r\n\r\nCVE-2011-2082\r\n\r\n The vulnerable-passwords scripts introduced for CVE-2011-0009\r\n failed to correct the password hashes of disabled users.\r\n\r\nCVE-2011-2083\r\n\r\n Several cross-site scripting issues have been discovered.\r\n\r\nCVE-2011-2084\r\n\r\n Password hashes could be disclosed by privileged users.\r\n\r\nCVE-2011-2085\r\n\r\n Several cross-site request forgery vulnerabilities have been\r\n found. If this update breaks your setup, you can restore the old\r\n behaviour by setting $RestrictReferrer to 0.\r\n\r\nCVE-2011-4458\r\n\r\n The code to support variable envelope return paths allowed the\r\n execution of arbitrary code.\r\n\r\nCVE-2011-4459\r\n\r\n Disabled groups were not fully accounted as disabled.\r\n\r\nCVE-2011-4460\r\n\r\n SQL injection vulnerability, only exploitable by privileged users.\r\n\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 3.8.8-7+squeeze2.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 4.0.5-3.\r\n\r\nWe recommend that you upgrade your request-tracker3.8 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk++cYMACgkQXm3vHE4uylokxACguQb84ehN2ODvrYW4Mr1CmOLY\r\nXIkAoJ/DIybBV9MxZA7txyMDE56vsWeM\r\n=+4ft\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-03T00:00:00", "published": "2012-06-03T00:00:00", "id": "SECURITYVULNS:DOC:28114", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28114", "title": "[SECURITY] [DSA 2480-1] request-tracker3.8 security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0009"], "description": "RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitt ed by a community of users. ", "modified": "2011-03-03T03:21:54", "published": "2011-03-03T03:21:54", "id": "FEDORA:2E4291112B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: rt3-3.8.9-1.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:09:22", "description": " - Bug #672257 - CVE-2011-0009 RT3: Insecure hashing\n algorithm used for storage of user passwords\n [fedora-all]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-03-03T00:00:00", "title": "Fedora 15 : rt3-3.8.9-1.fc15 (2011-1677)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0009"], "modified": "2011-03-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rt3", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-1677.NASL", "href": "https://www.tenable.com/plugins/nessus/52518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1677.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52518);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0009\");\n script_xref(name:\"FEDORA\", value:\"2011-1677\");\n\n script_name(english:\"Fedora 15 : rt3-3.8.9-1.fc15 (2011-1677)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Bug #672257 - CVE-2011-0009 RT3: Insecure hashing\n algorithm used for storage of user passwords\n [fedora-all]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=672257\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5d8c3c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rt3-3.8.9-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rt3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:50:46", "description": "BestPractical report :\n\nInternal audits of the RT codebase have uncovered a number of security\nvulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to\nresolve these vulnerabilities, as well as patches which apply atop all\nreleased versions of 3.8 and 4.0.\n\nThe vulnerabilities addressed by 3.8.12, 4.0.6, and the below patches\ninclude the following :\n\nThe previously released tool to upgrade weak password hashes as part\nof CVE-2011-0009 was an incomplete fix and failed to upgrade passwords\nof disabled users.\n\nRT versions 3.0 and above contain a number of cross-site scripting\n(XSS) vulnerabilities which allow an attacker to run JavaScript with\nthe user's credentials. CVE-2011-2083 is assigned to this\nvulnerability.\n\nRT versions 3.0 and above are vulnerable to multiple information\ndisclosure vulnerabilities. This includes the ability for privileged\nusers to expose users' previous password hashes -- this vulnerability\nis particularly dangerous given RT's weak hashing previous to the fix\nin CVE-2011-0009. A separate vulnerability allows privileged users to\nobtain correspondence history for any ticket in RT. CVE-2011-2084 is\nassigned to this vulnerability.\n\nAll publicly released versions of RT are vulnerable to cross-site\nrequest forgery (CSRF). CVE-2011-2085 is assigned to this\nvulnerability.\n\nWe have also added a separate configuration option\n($RestrictLoginReferrer) to prevent login CSRF, a different class of\nCSRF attack.\n\nRT versions 3.6.1 and above are vulnerable to a remote execution of\ncode vulnerability if the optional VERP configuration options\n($VERPPrefix and $VERPDomain) are enabled. RT 3.8.0 and higher are\nvulnerable to a limited remote execution of code which can be\nleveraged for privilege escalation. RT 4.0.0 and above contain a\nvulnerability in the global $DisallowExecuteCode option, allowing\nsufficiently privileged users to still execute code even if RT was\nconfigured to not allow it. CVE-2011-4458 is assigned to this set of\nvulnerabilities.\n\nRT versions 3.0 and above may, under some circumstances, still respect\nrights that a user only has by way of a currently-disabled group.\nCVE-2011-4459 is assigned to this vulnerability.\n\nRT versions 2.0 and above are vulnerable to a SQL injection attack,\nwhich allow privileged users to obtain arbitrary information from the\ndatabase. CVE-2011-4460 is assigned to this vulnerability.", "edition": 22, "published": "2012-05-29T00:00:00", "title": "FreeBSD : RT -- Multiple Vulnerabilities (e0a969e4-a512-11e1-90b4-e0cb4e266481)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "modified": "2012-05-29T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:rt40", "p-cpe:/a:freebsd:freebsd:rt38"], "id": "FREEBSD_PKG_E0A969E4A51211E190B4E0CB4E266481.NASL", "href": "https://www.tenable.com/plugins/nessus/59283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59283);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0009\", \"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\");\n\n script_name(english:\"FreeBSD : RT -- Multiple Vulnerabilities (e0a969e4-a512-11e1-90b4-e0cb4e266481)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BestPractical report :\n\nInternal audits of the RT codebase have uncovered a number of security\nvulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to\nresolve these vulnerabilities, as well as patches which apply atop all\nreleased versions of 3.8 and 4.0.\n\nThe vulnerabilities addressed by 3.8.12, 4.0.6, and the below patches\ninclude the following :\n\nThe previously released tool to upgrade weak password hashes as part\nof CVE-2011-0009 was an incomplete fix and failed to upgrade passwords\nof disabled users.\n\nRT versions 3.0 and above contain a number of cross-site scripting\n(XSS) vulnerabilities which allow an attacker to run JavaScript with\nthe user's credentials. CVE-2011-2083 is assigned to this\nvulnerability.\n\nRT versions 3.0 and above are vulnerable to multiple information\ndisclosure vulnerabilities. This includes the ability for privileged\nusers to expose users' previous password hashes -- this vulnerability\nis particularly dangerous given RT's weak hashing previous to the fix\nin CVE-2011-0009. A separate vulnerability allows privileged users to\nobtain correspondence history for any ticket in RT. CVE-2011-2084 is\nassigned to this vulnerability.\n\nAll publicly released versions of RT are vulnerable to cross-site\nrequest forgery (CSRF). CVE-2011-2085 is assigned to this\nvulnerability.\n\nWe have also added a separate configuration option\n($RestrictLoginReferrer) to prevent login CSRF, a different class of\nCSRF attack.\n\nRT versions 3.6.1 and above are vulnerable to a remote execution of\ncode vulnerability if the optional VERP configuration options\n($VERPPrefix and $VERPDomain) are enabled. RT 3.8.0 and higher are\nvulnerable to a limited remote execution of code which can be\nleveraged for privilege escalation. RT 4.0.0 and above contain a\nvulnerability in the global $DisallowExecuteCode option, allowing\nsufficiently privileged users to still execute code even if RT was\nconfigured to not allow it. CVE-2011-4458 is assigned to this set of\nvulnerabilities.\n\nRT versions 3.0 and above may, under some circumstances, still respect\nrights that a user only has by way of a currently-disabled group.\nCVE-2011-4459 is assigned to this vulnerability.\n\nRT versions 2.0 and above are vulnerable to a SQL injection attack,\nwhich allow privileged users to obtain arbitrary information from the\ndatabase. CVE-2011-4460 is assigned to this vulnerability.\"\n );\n # http://blog.bestpractical.com/2012/05/security-vulnerabilities-in-rt.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebd34bfd\"\n );\n # https://vuxml.freebsd.org/freebsd/e0a969e4-a512-11e1-90b4-e0cb4e266481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb1ef315\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rt38\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rt40\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rt40>=4.0<4.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rt38<3.8.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:29", "description": "Several vulnerabilities were discovered in Request Tracker, an issue\ntracking system :\n\n - CVE-2011-2082\n The vulnerable-passwords scripts introduced for\n CVE-2011-0009 failed to correct the password hashes of\n disabled users.\n\n - CVE-2011-2083\n Several cross-site scripting issues have been\n discovered.\n\n - CVE-2011-2084\n Password hashes could be disclosed by privileged users.\n\n - CVE-2011-2085\n Several cross-site request forgery vulnerabilities have\n been found. If this update breaks your setup, you can\n restore the old behaviour by setting $RestrictReferrer\n to 0.\n\n - CVE-2011-4458\n The code to support variable envelope return paths\n allowed the execution of arbitrary code.\n\n - CVE-2011-4459\n Disabled groups were not fully accounted as disabled.\n\n - CVE-2011-4460\n SQL injection vulnerability, only exploitable by\n privileged users.\n\nPlease note that if you run request-tracker3.8 under the Apache web\nserver, you must stop and start Apache manually. The 'restart'\nmechanism is not recommended, especially when using mod_perl.", "edition": 17, "published": "2012-06-29T00:00:00", "title": "Debian DSA-2480-4 : request-tracker3.8 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "modified": "2012-06-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:request-tracker3.8"], "id": "DEBIAN_DSA-2480.NASL", "href": "https://www.tenable.com/plugins/nessus/59758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2480. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59758);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2082\", \"CVE-2011-2083\", \"CVE-2011-2084\", \"CVE-2011-2085\", \"CVE-2011-4458\", \"CVE-2011-4459\", \"CVE-2011-4460\");\n script_bugtraq_id(53660);\n script_xref(name:\"DSA\", value:\"2480\");\n\n script_name(english:\"Debian DSA-2480-4 : request-tracker3.8 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Request Tracker, an issue\ntracking system :\n\n - CVE-2011-2082\n The vulnerable-passwords scripts introduced for\n CVE-2011-0009 failed to correct the password hashes of\n disabled users.\n\n - CVE-2011-2083\n Several cross-site scripting issues have been\n discovered.\n\n - CVE-2011-2084\n Password hashes could be disclosed by privileged users.\n\n - CVE-2011-2085\n Several cross-site request forgery vulnerabilities have\n been found. If this update breaks your setup, you can\n restore the old behaviour by setting $RestrictReferrer\n to 0.\n\n - CVE-2011-4458\n The code to support variable envelope return paths\n allowed the execution of arbitrary code.\n\n - CVE-2011-4459\n Disabled groups were not fully accounted as disabled.\n\n - CVE-2011-4460\n SQL injection vulnerability, only exploitable by\n privileged users.\n\nPlease note that if you run request-tracker3.8 under the Apache web\nserver, you must stop and start Apache manually. The 'restart'\nmechanism is not recommended, especially when using mod_perl.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/request-tracker3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2480\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the request-tracker3.8 packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 3.8.8-7+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:request-tracker3.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"request-tracker3.8\", reference:\"3.8.8-7+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rt3.8-apache2\", reference:\"3.8.8-7+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rt3.8-clients\", reference:\"3.8.8-7+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rt3.8-db-mysql\", reference:\"3.8.8-7+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rt3.8-db-postgresql\", reference:\"3.8.8-7+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rt3.8-db-sqlite\", reference:\"3.8.8-7+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2085", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2011-2082", "CVE-2011-2083", "CVE-2011-0009", "CVE-2011-4460"], "description": "\nBestPractical report:\n\nInternal audits of the RT codebase have uncovered a\n\t number of security vulnerabilities in RT. We are releasing\n\t versions 3.8.12 and 4.0.6 to resolve these vulnerabilities,\n\t as well as patches which apply atop all released versions of\n\t 3.8 and 4.0.\nThe vulnerabilities addressed by 3.8.12, 4.0.6, and the\n\t below patches include the following:\nThe previously released tool to upgrade weak password\n\t hashes as part of CVE-2011-0009 was an incomplete fix and\n\t failed to upgrade passwords of disabled users.\nRT versions 3.0 and above contain a number of cross-site\n\t scripting (XSS) vulnerabilities which allow an attacker to\n\t run JavaScript with the user's credentials. CVE-2011-2083 is\n\t assigned to this vulnerability.\nRT versions 3.0 and above are vulnerable to multiple\n\t information disclosure vulnerabilities. This includes the\n\t ability for privileged users to expose users' previous\n\t password hashes -- this vulnerability is particularly\n\t dangerous given RT's weak hashing previous to the fix in\n\t CVE-2011-0009. A separate vulnerability allows privileged\n\t users to obtain correspondence history for any ticket in\n\t RT. CVE-2011-2084 is assigned to this vulnerability.\nAll publicly released versions of RT are vulnerable to\n\t cross-site request forgery (CSRF). CVE-2011-2085 is assigned\n\t to this vulnerability.\nWe have also added a separate configuration option\n\t ($RestrictLoginReferrer) to prevent login CSRF, a different\n\t class of CSRF attack.\nRT versions 3.6.1 and above are vulnerable to a remote\n\t execution of code vulnerability if the optional VERP\n\t configuration options ($VERPPrefix and $VERPDomain) are\n\t enabled. RT 3.8.0 and higher are vulnerable to a limited\n\t remote execution of code which can be leveraged for\n\t privilege escalation. RT 4.0.0 and above contain a\n\t vulnerability in the global $DisallowExecuteCode option,\n\t allowing sufficiently privileged users to still execute code\n\t even if RT was configured to not allow it. CVE-2011-4458 is\n\t assigned to this set of vulnerabilities.\nRT versions 3.0 and above may, under some circumstances,\n\t still respect rights that a user only has by way of a\n\t currently-disabled group. CVE-2011-4459 is assigned to this\n\t vulnerability.\nRT versions 2.0 and above are vulnerable to a SQL\n\t injection attack, which allow privileged users to obtain\n\t arbitrary information from the database. CVE-2011-4460 is\n\t assigned to this vulnerability.\n\n", "edition": 4, "modified": "2012-05-22T00:00:00", "published": "2012-05-22T00:00:00", "id": "E0A969E4-A512-11E1-90B4-E0CB4E266481", "href": "https://vuxml.freebsd.org/freebsd/e0a969e4-a512-11e1-90b4-e0cb4e266481.html", "title": "RT -- Multiple Vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}