
Test ID: 1.3.6.1.4.1.25623.1.0.60211
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1467-1 (mantis)
Summary: NOSUMMARY
Description:
The remote host is missing an update to mantis
announced via advisory DSA 1467-1.

Several remote vulnerabilities have been discovered in Mantis, a web-based
bug tracking system. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-6574

Custom fields were not appropriately protected by per-item access
control, allowing for sensitive data to be published.

CVE-2007-6611

Multiple cross-site scripting issues allowed a remote attacker to
insert malicious HTML or web script into Mantis web pages.

The stable distribution (etch) is not affected by these problems.

For the old stable distribution (sarge), these problems have been fixed in
version 0.19.2-5sarge5.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.8-4.

We recommend that you upgrade your mantis package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201467-1

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6574
BugTraq ID: 21566
http://www.securityfocus.com/bid/21566
Debian Security Information: DSA-1467
http://www.debian.org/security/2008/dsa-1467
http://bugs.mantisbugtracker.com/view.php?id=3375
http://bugs.mantisbugtracker.com/view.php?id=7364
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log
http://secunia.com/advisories/23258
http://secunia.com/advisories/28551
http://www.vupen.com/english/advisories/2006/4978
XForce ISS Database: mantis-customfield-info-disclosure(30870)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30870
Common Vulnerability Exposure (CVE) ID: CVE-2007-6611
BugTraq ID: 27045
http://www.securityfocus.com/bid/27045
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html
http://security.gentoo.org/glsa/glsa-200803-04.xml
http://osvdb.org/39873
http://secunia.com/advisories/28185
http://secunia.com/advisories/28352
http://secunia.com/advisories/29198
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
