
MantisBT Multiple Security Bypass Vulnerabilities

http://www.securityfocus.com/bid/52313

Security Info

Bugtraq ID: 52313
Class: Design Error
CVE: CVE-2012-1118, CVE-2012-1119, CVE-2012-1122, CVE-2012-1123
Remote: Yes
Local: No
Published: Mar 06 2012 12:00AM
Updated: Jun 26 2012 11:00PM
Credit: spoidras, libregeek and Zonix
Vulnerable:
    Mantisbt Mantisbt 1.2.8
    Mantisbt Mantisbt 1.2.7
    Mantisbt Mantisbt 1.2.6
    Mantisbt Mantisbt 1.2.4
    Mantisbt Mantisbt 1.2.3
    Mantisbt Mantisbt 1.2.2
    Mantisbt Mantisbt 1.2.1
    Debian Linux 6.0 sparc
    Debian Linux 6.0 s/390
    Debian Linux 6.0 powerpc
    Debian Linux 6.0 mips
    Debian Linux 6.0 ia-64
    Debian Linux 6.0 ia-32
    Debian Linux 6.0 arm
    Debian Linux 6.0 amd64
Not Vulnerable: Mantisbt Mantisbt 1.2.9

Security Discussion

MantisBT is prone to multiple security-bypass vulnerabilities.

Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions.

MantisBT versions prior to 1.2.9 are vulnerable.

Proof of Concept and Security Exploits

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Vendor patch is available. Please see the references for more information.

Security Reference(s)

References:

Site Updated June 19, 2013
©2000-2013 Emagined Security
All Rights Reserved
