Vulnerabilities > CVE-2005-4523 - Unspecified vulnerability in Mantis

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mantis
nessus

Summary

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-944.NASL
descriptionSeveral security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4238 Missing input sanitising allows remote attackers to inject arbitrary web script or HTML. - CVE-2005-4518 Tobias Klein discovered that Mantis allows remote attackers to bypass the file upload size restriction. - CVE-2005-4519 Tobias Klein discovered several SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. - CVE-2005-4520 Tobias Klein discovered unspecified
last seen2020-06-01
modified2020-06-02
plugin id22810
published2006-10-14
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22810
titleDebian DSA-944-1 : mantis - several vulnerabilities
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-944. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22810);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2005-4238", "CVE-2005-4518", "CVE-2005-4519", "CVE-2005-4520", "CVE-2005-4521", "CVE-2005-4522", "CVE-2005-4523", "CVE-2005-4524");
  script_bugtraq_id(15842, 16046);
  script_xref(name:"DSA", value:"944");

  script_name(english:"Debian DSA-944-1 : mantis - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several security related problems have been discovered in Mantis, a
web-based bug tracking system. The Common Vulnerabilities and
Exposures project identifies the following problems :

  - CVE-2005-4238
    Missing input sanitising allows remote attackers to
    inject arbitrary web script or HTML.

  - CVE-2005-4518
    Tobias Klein discovered that Mantis allows remote
    attackers to bypass the file upload size restriction.

  - CVE-2005-4519
    Tobias Klein discovered several SQL injection
    vulnerabilities that allow remote attackers to execute
    arbitrary SQL commands.

  - CVE-2005-4520
    Tobias Klein discovered unspecified 'port injection'
    vulnerabilities in filters.

  - CVE-2005-4521
    Tobias Klein discovered a CRLF injection vulnerability
    that allows remote attackers to modify HTTP headers and
    conduct HTTP response splitting attacks.

  - CVE-2005-4522
    Tobias Klein discovered several cross-site scripting
    (XSS) vulnerabilities that allow remote attackers to
    inject arbitrary web script or HTML.

  - CVE-2005-4523
    Tobias Klein discovered that Mantis discloses private
    bugs via public RSS feeds, which allows remote attackers
    to obtain sensitive information.

  - CVE-2005-4524
    Tobias Klein discovered that Mantis does not properly
    handle 'Make note private' when a bug is being resolved,
    which has unknown impact and attack vectors, probably
    related to an information leak.

The old stable distribution (woody) does not seem to be affected by
these problems."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4518"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4521"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4522"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-944"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mantis package.

For the stable distribution (sarge) these problems have been fixed in
version 0.19.2-5sarge1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-5sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");