Multiple vulnerabilities in Debian Linux

1) Information disclosure

EUVDB-ID: #VU40389

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8537

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Debian Linux: 8.0

Redmine: 3.0.0 - 8.0

External links

http://www.debian.org/security/2016/dsa-3529
http://www.redmine.org/news/103
http://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU40390

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8474

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Mitigation

Install update from vendor's website.

Vulnerable software versions

Debian Linux: 7.0 - 8.0

Redmine: 2.5.1 - 8.0

External links

http://www.debian.org/security/2016/dsa-3529
http://www.redmine.org/news/101
http://www.securityfocus.com/bid/78625
http://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
http://www.redmine.org/issues/19577

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU40391

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8473

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Debian Linux: 8.0

Redmine: 3.0.0 - 8.0

External links

http://www.debian.org/security/2016/dsa-3529
http://www.securityfocus.com/bid/78621
http://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
http://www.redmine.org/issues/21136
http://www.redmine.org/projects/redmine/wiki/Changelog_3_0
http://www.redmine.org/projects/redmine/wiki/Changelog_3_1
http://www.redmine.org/versions/105

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.