oss-security - CVE request: MantisBT Null byte poisoning in LDAP authentication

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <loom.20140912T160102-206@post.gmane.org>
Date: Fri, 12 Sep 2014 14:03:37 +0000 (UTC)
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: MantisBT Null byte poisoning in LDAP authentication

Greetings

Matthew Daley reported a Null byte poisoning issue with LDAP 
authentication affecting MantisBT <= 1.2.17.

A malicious user can exploit this vulnerability to login as any 
registered user and without knowing their password, to systems relying 
on LDAP for user authentication (e.g. Active Directory or OpenLDAP with 
"allow bind_anon_cred"). 

Patches are available in [1]; full details on the original issue report 
can be found at [2]. Can you please assign a CVE ID to this issue ? 

Thank you

D. Regad
MantisBT Developer
http://mantisbt.org/

[1] http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
    http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
[2] http://www.mantisbt.org/bugs/view.php?id=17640

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.