Secunia
Login
|
|
|
|
|
|
|
|
|
RT Devel::StackTrace Denial of Service Vulnerability
Release Date: 2008-06-25 Last Update: 2008-08-13 Views: 5,661
Secunia Advisory SA30830
Where:
From remote
Impact:
DoS,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
A vulnerability has been reported in RT, which can exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "Devel::StackTrace" Perl module and can be exploited to exhaust all available memory or consume all CPU resources.
Successful exploitation requires that the attacker is a privileged RT user.
The vulnerability is reported in 3.x versions prior to 3.6.7.
Solution:
Update to version 3.6.7.
Provided and/or discovered by:
The vendor credits Rune Hammersland.
Original Advisory:
http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: RT Devel::StackTrace Denial of Service Vulnerability
|
No posts yet |
|
You must be logged in to post a comment. |
