Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-420-1 jitterbug -- improperly sanitised input

Related Vulnerabilities: CVE-2004-0028  

Steve Kemp discovered a security related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Unfortunately the program executions do not properly sanitize input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating factors these attacks are only available to non-guest users, and accounts for these people must be setup by the administrator making them "trusted". For the stable distribution (woody) this problem has been fixed in version 1.6.2-4.2woody2. For the unstable distribution (sid) this problem has been fixed in version 1.6.2-4.5. We recommend that you upgrade your jitterbug package.

Source

Debian Security Advisory

DSA-420-1 jitterbug -- improperly sanitised input

Date Reported:
12 Jan 2004
Affected Packages:
jitterbug
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 9397.
In Mitre's CVE dictionary: CVE-2004-0028.
More information:

Steve Kemp discovered a security related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Unfortunately the program executions do not properly sanitize input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating factors these attacks are only available to non-guest users, and accounts for these people must be setup by the administrator making them "trusted".

For the stable distribution (woody) this problem has been fixed in version 1.6.2-4.2woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.6.2-4.5.

We recommend that you upgrade your jitterbug package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2.dsc
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2.diff.gz
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started