Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2500.NASL
HistoryJun 29, 2012 - 12:00 a.m.

Debian DSA-2500-1 : mantis - several vulnerabilities

2012-06-2900:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

Several vulnerabilities were discovered in Mantis, an issue tracking system.

  • CVE-2012-1118 Mantis installation in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions.

  • CVE-2012-1119 Copy/clone bug report actions fail to leave an audit trail.

  • CVE-2012-1120 The delete_bug_threshold/bugnote_allow_user_edit_delete access check can be bypassed by users who have write access to the SOAP API.

  • CVE-2012-1122 Mantis performed access checks incorrectly when moving bugs between projects.

  • CVE-2012-1123 A SOAP client sending a null password field can authenticate as the Mantis administrator.

  • CVE-2012-2692 Mantis does not check the delete_attachments_threshold permission when a user attempts to delete an attachment from an issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2500. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59778);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1122", "CVE-2012-1123", "CVE-2012-2692");
  script_bugtraq_id(52313, 53907, 53921);
  script_xref(name:"DSA", value:"2500");

  script_name(english:"Debian DSA-2500-1 : mantis - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in Mantis, an issue tracking
system.

  - CVE-2012-1118
    Mantis installation in which the
    private_bug_view_threshold configuration option has been
    set to an array value do not properly enforce bug
    viewing restrictions.

  - CVE-2012-1119
    Copy/clone bug report actions fail to leave an audit
    trail.

  - CVE-2012-1120
    The delete_bug_threshold/bugnote_allow_user_edit_delete
    access check can be bypassed by users who have write
    access to the SOAP API.

  - CVE-2012-1122
    Mantis performed access checks incorrectly when moving
    bugs between projects.

  - CVE-2012-1123
    A SOAP client sending a null password field can
    authenticate as the Mantis administrator.

  - CVE-2012-2692
    Mantis does not check the delete_attachments_threshold
    permission when a user attempts to delete an attachment
    from an issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1118"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/mantis"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2500"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mantis packages.

For the stable distribution (squeeze), these problems have been fixed
in version 1.1.8+dfsg-10squeeze2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"mantis", reference:"1.1.8+dfsg-10squeeze2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxmantisp-cpe:/a:debian:debian_linux:mantis
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

openvas 14
osv 1
debian 1
fedora 5
nessus 5
gentoo 1
prion 6
cve 6
ubuntucve 6
freebsd 1
openvas
openvas
Debian Security Advisory DSA 2500-1 (mantis)
2012-08-10 00:00:00
Debian: Security Advisory (DSA-2500-1)
2012-08-10 00:00:00
Fedora Update for mantis FEDORA-2012-18299
2012-11-26 00:00:00
osv
osv
mantis - several
2012-06-24 00:00:00
debian
debian
[SECURITY] [DSA 2500-1] mantis security update
2012-06-24 12:12:36
fedora
fedora
[SECURITY] Fedora 18 Update: mantis-1.2.12-1.fc18
2012-11-23 07:56:23
[SECURITY] Fedora 17 Update: mantis-1.2.12-1.fc17
2012-11-24 03:25:38
[SECURITY] Fedora 16 Update: mantis-1.2.12-1.fc16
2012-11-24 03:24:38
nessus
nessus
Fedora 16 : mantis-1.2.12-1.fc16 (2012-18299)
2012-11-26 00:00:00
Fedora 18 : mantis-1.2.12-1.fc18 (2012-18273)
2012-11-26 00:00:00
Fedora 17 : mantis-1.2.12-1.fc17 (2012-18294)
2012-11-26 00:00:00
gentoo
gentoo
MantisBT: Multiple vulnerabilities
2012-11-08 00:00:00
prion
prion
Design/Logic Flaw
2012-06-29 19:55:00
Authentication flaw
2012-06-29 19:55:00
Design/Logic Flaw
2012-06-17 03:41:00
cve
cve
CVE-2012-1119
2012-06-29 19:55:00
CVE-2012-1123
2012-06-29 19:55:00
CVE-2012-2692
2012-06-17 03:41:00
ubuntucve
ubuntucve
CVE-2012-1119
2012-06-29 00:00:00
CVE-2012-1123
2012-06-29 00:00:00
CVE-2012-2692
2012-06-17 00:00:00
freebsd
freebsd
mantis -- multiple vulnerabilities
2012-06-09 00:00:00
JSON
Related for DEBIAN_DSA-2500.NASL
openvas14osv1debian1fedora5nessus5gentoo1prion6cve6ubuntucve6freebsd1