Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3120.NASL
HistoryJan 08, 2015 - 12:00 a.m.

Debian DSA-3120-1 : mantis - security update

2015-01-0800:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3120. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80401);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-1811", "CVE-2013-1934", "CVE-2013-4460", "CVE-2014-6316", "CVE-2014-6387", "CVE-2014-7146", "CVE-2014-8553", "CVE-2014-8554", "CVE-2014-8598", "CVE-2014-8986", "CVE-2014-8988", "CVE-2014-9089", "CVE-2014-9117", "CVE-2014-9269", "CVE-2014-9270", "CVE-2014-9271", "CVE-2014-9272", "CVE-2014-9280", "CVE-2014-9281", "CVE-2014-9388", "CVE-2014-9506");
  script_bugtraq_id(70856, 70993, 70996, 71104, 71197, 71298, 71321, 71361, 71368, 71371, 71372, 71375, 71380, 71478, 71553);
  script_xref(name:"DSA", value:"3120");

  script_name(english:"Debian DSA-3120-1 : mantis - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues have been found in the Mantis bug tracking
system, which may result in phishing, information disclosure, CAPTCHA
bypass, SQL injection, cross-site scripting or the execution of
arbitrary PHP code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/mantis"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3120"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mantis packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.2.18-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"mantis", reference:"1.2.18-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxmantisp-cpe:/a:debian:debian_linux:mantis
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

References

Related

openvas 25
osv 1
debian 1
securityvulns 4
nessus 20
fedora 16
archlinux 4
prion 23
cvelist 23
cve 23
zdt 4
ubuntucve 22
veracode 2
packetstorm 3
symantec 1
openvas
openvas
Debian: Security Advisory (DSA-3120-1)
2015-01-05 00:00:00
Debian Security Advisory DSA 3120-1 (mantis - security update)
2015-01-06 00:00:00
MantisBT <= 1.2.17 Multiple Vulnerabilities
2014-11-25 00:00:00
osv
osv
mantis - security update
2015-01-06 00:00:00
debian
debian
[SECURITY] [DSA 3120-1] mantis security update
2015-01-06 20:36:00
securityvulns
securityvulns
[SECURITY] [DSA 3120-1] mantis security update
2015-01-19 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-01-19 00:00:00
[KIS-2014-18] Mantis Bug Tracker &lt;= 1.2.17 &#40;ImportXml.php&#41; PHP Code Injection Vulnerability
2015-01-02 00:00:00
nessus
nessus
MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities
2015-01-22 00:00:00
MantisBT < 1.2.18 Multiple Vulnerabilities
2015-02-18 00:00:00
Fedora 20 : mantis-1.2.18-1.fc20 (2014-16546)
2014-12-22 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mantis-1.2.18-1.fc21
2014-12-20 08:51:48
[SECURITY] Fedora 20 Update: mantis-1.2.18-1.fc20
2014-12-20 08:48:12
[SECURITY] Fedora 19 Update: mantis-1.2.18-1.fc19
2014-12-20 08:34:55
archlinux
archlinux
mantisbt: multiple issues
2014-12-08 00:00:00
mantisbt: arbitrary code execution and unrestricted access
2014-11-12 00:00:00
mantisbt: sql injection
2014-11-05 00:00:00
prion
prion
Code injection
2014-11-18 15:59:00
Sql injection
2014-11-28 15:59:00
Null pointer dereference
2014-12-08 16:59:00
cvelist
cvelist
CVE-2014-8598
2014-11-18 15:00:00
CVE-2014-9280
2014-12-08 16:00:00
CVE-2014-8988
2014-11-24 15:00:00
cve
cve
CVE-2014-8598
2014-11-18 15:59:00
CVE-2014-9089
2014-11-28 15:59:00
CVE-2014-8988
2014-11-24 15:59:00
zdt
zdt
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit
2017-03-23 00:00:00
MantisBT XmlImportExport Plugin PHP Code Injection Exploit
2014-11-18 00:00:00
MantisBT XmlImportExport Plugin PHP Code Injection Exploit
2014-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2014-8598
2014-11-18 00:00:00
CVE-2014-9089
2014-11-28 00:00:00
CVE-2014-8988
2014-11-24 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-06-26 08:43:59
Protection Mechanism Bypass
2019-06-28 03:44:30
packetstorm
packetstorm
Mantis Bug Tracker 1.2.17 PHP Code Injection
2014-12-31 00:00:00
MantisBT XmlImportExport Plugin PHP Code Injection
2014-11-18 00:00:00
Mantis BugTracker 1.2.19 Open Redirect
2015-01-28 00:00:00
symantec
symantec
MantisBT CVE-2013-1934 HTML Injection Vulnerability
2013-01-23 00:00:00
JSON
Related for DEBIAN_DSA-3120.NASL
openvas25osv1debian1securityvulns4nessus20fedora16archlinux4prion23cvelist23cve23zdt4ubuntucve22veracode2packetstorm3symantec1