OSVDB ID: 93610

Title: RT Arbitrary Mason Component Execution

Dates

Disclosure: May 22, 2013
Discovery: Unknown
Exploit: Unknown
Solution: May 22, 2013

Description

RT contains a flaw that allows arbitrary Mason components to be called, though without control of their arguments. This may allow a remote authenticated attacker to execute arbitrary private components, which may, according to the vendor, 'have negative side-effects'.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

It has been reported that this issue has been fixed. Upgrade to version 3.8.17, 4.0.13, or higher, to address this vulnerability. In addition, the vendor has released a patch for some older versions.

Products

Best Practical Solutions LLC.

RT

3.8.16
3.8.15
3.8.14
3.8.13
3.8.12
3.8.11
3.8.10
3.8.9
3.8.7
3.8.4
3.8.3
3.8.0
4.0.12
4.0.11
4.0.10
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/93610