Articles / Debian: Security update for...

Debian: Security update for Request Tracker

Several vulnerabilities were in Request Tracker, an issue tracking system. If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possible triggered by a cross-site request forgery attack. Multiple SQL injection attacks allow authenticated users to obtain data from the database in an unauthorized way. An information leak allows an authenticated privileged user to obtain sensitive information, such as encrypted passwords, via the search interface. When running under certain web servers (such as Lighttpd), Request Tracker is vulnerable to a directory traversal attack, allowing attackers to read any files accessible to the web server. Request Tracker contains multiple cross-site scripting vulnerabilities. Request Tracker enables attackers to redirect authentication credentials supplied by legitimate users to third-party servers. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2220-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
April 19, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.6, request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 
                CVE-2011-1689 CVE-2011-1690

Several vulnerabilities were in Request Tracker, an issue tracking
system.

CVE-2011-1685
   If the external custom field feature is enabled, Request Tracker
   allows authenticated users to execute arbitrary code with the
   permissions of the web server, possible triggered by a cross-site
   request forgery attack.  (External custom fields are disabled by
   default.)

CVE-2011-1686
   Multiple SQL injection attacks allow authenticated users to obtain
   data from the database in an unauthorized way.

CVE-2011-1687
   An information leak allows an authenticated privileged user to
   obtain sensitive information, such as encrypted passwords, via the
   search interface.

CVE-2011-1688
   When running under certain web servers (such as Lighttpd), Request
   Tracker is vulnerable to a directory traversal attack, allowing
   attackers to read any files accessible to the web server.  Request
   Tracker instances running under Apache or Nginx are not affected.

CVE-2011-1689
   Request Tracker contains multiple cross-site scripting
   vulnerabilities.

CVE-2011-1690
   Request Tracker enables attackers to redirect authentication
   credentials supplied by legitimate users to third-party servers.


For the oldstable distribution (lenny), these problems have been fixed
in version 3.6.7-5+lenny6 of the request-tracker3.6 package.

For the stable distribution (squeeze), these problems have been fixed
in version 3.8.8-7+squeeze1 of the request-tracker3.8 package.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 3.8.10-1 of the
request-tracker3.8 package.

We recommend that you upgrade your Request Tracker packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJNrdPiAAoJEL97/wQC1SS+3dgIAKLuPySVeWmsXlKJ/sgeFjXm
19lDcDzI9QHd7V+Y9paNGxud8F7GlXF4PR/fFGso1ho9eH3I9VRwL+NY/EQmlEkc
8disl5IjtVE5bZ19c650oRGpyQc8LKQ/6V/XoYmaFn5eJSZfnj3/hRHj5dGCmKZd
ASQ6zM7VWXCYHudVBokza1U9lqI2rLosS5sc+HmaUkvjZvTLpANvOSmThxxA28+L
lC3dQs8Aw+17NSbmPjP5zzNYIpjqhcPvCg+KHdDc/FJryBqJe0Nnaf2tb4PXNALT
omxPu6xpgXTUWA3vhWbzuVVk7o8JIYPTxx4vRrJkwMKQ7f4wq7DiCZhnXdswahU=
=LRAr
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Clonezilla

A partition or disk cloning tool similar to Symantec Ghost.

Screenshot

Project Spotlight

EFL

Software that provides ready to use CFEngine policy.