RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 6841

Synopsis

The remote host is running a web application that is vulnerable to several attack vectors.

Description

Versions of Request Tracker earlier than 3.8.17 and 4.0.13 are affected by the following vulnerabilities :

- The rt command line tool uses semi-predictable temporary files. A malicious user can use this flaw to overwrite files with permissions of the user running the rt command line tool. (CVE-2013-3368)
- A malicious user who is allowed to see administration pages can run arbitrary Mason components (without control of arguments), which may have negative side-effects. (CVE-2013-3369)
- RT allows direct requests to private callback components, which could be used to exploit a Request Tracker extension or a local callback which uses the arguments passed to it insecurely. (CVE-2013-3370)
- Cross-site scripting attacks via attachment filenames. (CVE-2013-3371)
- HTTP header injection limited to the value of the Content-Disposition header. (CVE-2013-3372)
- A MIME header injection in outgoing email is possible via email templates. (Stock templates are resolved by updates, but any custom email templates should be updated to ensure that values interpolated into mail headers do not contain newlines.) (CVE-2013-3373)
- Request Tracker is vulnerable to limited session re-use when using the file-based session store, Apache::Session::File. However Request Tracker's default session configuration only uses Apache::Session::File when configured for Oracle databases. (CVE-2013-3374)
- RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. (CVE-2012-4733)

Solution

Upgrade to RT 3.8.17, 4.0.13, or later.

See Also

http://www.bestpractical.com/rt/release-notes/3.8.17

http://www.bestpractical.com/rt/release-notes/4.0.13

Plugin Details

Severity: Medium

ID: 6841

Family: CGI

Published: 5/24/2013

Updated: 3/6/2019

Nessus ID: 68996

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:bestpractical:rt

Patch Publication Date: 5/22/2013

Vulnerability Publication Date: 5/22/2013

Reference Information

CVE: CVE-2012-4733, CVE-2013-3368, CVE-2013-3369, CVE-2013-3370, CVE-2013-3371, CVE-2013-3372, CVE-2013-3373, CVE-2013-3374

BID: 60083, 60091, 60093, 60094, 60095, 60096, 60105, 60106, 62014