fkie_nvd - fkie_cve-2012-6578

fkie_cve-2012-6578

Vulnerability from fkie_nvd

Published

2013-07-24 12:01

Modified

2024-11-21 01:46

Severity ?

Summary

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.

References

▼	URL	Tags
	cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
bestpractical	request_tracker	3.8.3
bestpractical	request_tracker	3.8.4
bestpractical	request_tracker	3.8.7
bestpractical	request_tracker	3.8.9
bestpractical	request_tracker	3.8.10
bestpractical	request_tracker	3.8.11
bestpractical	request_tracker	3.8.12
bestpractical	request_tracker	3.8.13
bestpractical	request_tracker	3.8.14
bestpractical	request_tracker	4.0.0
bestpractical	request_tracker	4.0.1
bestpractical	request_tracker	4.0.2
bestpractical	request_tracker	4.0.3
bestpractical	request_tracker	4.0.4
bestpractical	request_tracker	4.0.5
bestpractical	request_tracker	4.0.6
bestpractical	request_tracker	4.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue\u0027s key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics."
    },
    {
      "lang": "es",
      "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado con \"Sing by defaul\" (firmar por defecto), utiliza una cola de claves para firmar que podr\u00eda permitir a atacantes remotos suplantar mensajes aprovechando la falta de autenticaci\u00f3n sem\u00e1ntica."
    }
  ],
  "id": "CVE-2012-6578",
  "lastModified": "2024-11-21T01:46:25.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-24T12:01:45.083",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-6578

Vulnerability from cvelistv5

Published

2013-07-24 10:00

Modified

2024-09-17 02:41