CVE Vulnerabilities

CVE-2011-5093

Published: Jun 04, 2012 | Modified: Jun 05, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.

Affected Software

Name Vendor Start Version End Version
Rt Bestpractical 3.8.12 (including) 3.8.12 (including)
Rt Bestpractical 4.0.0 (including) 4.0.0 (including)
Rt Bestpractical 4.0.0-rc1 (including) 4.0.0-rc1 (including)
Rt Bestpractical 4.0.0-rc2 (including) 4.0.0-rc2 (including)
Rt Bestpractical 4.0.0-rc3 (including) 4.0.0-rc3 (including)
Rt Bestpractical 4.0.0-rc4 (including) 4.0.0-rc4 (including)
Rt Bestpractical 4.0.0-rc5 (including) 4.0.0-rc5 (including)
Rt Bestpractical 4.0.0-rc6 (including) 4.0.0-rc6 (including)
Rt Bestpractical 4.0.0-rc7 (including) 4.0.0-rc7 (including)
Rt Bestpractical 4.0.0-rc8 (including) 4.0.0-rc8 (including)
Rt Bestpractical 4.0.1 (including) 4.0.1 (including)
Rt Bestpractical 4.0.2 (including) 4.0.2 (including)
Rt Bestpractical 4.0.3 (including) 4.0.3 (including)
Rt Bestpractical 4.0.4 (including) 4.0.4 (including)
Rt Bestpractical 4.0.5 (including) 4.0.5 (including)
Request-tracker3.6 Ubuntu hardy *
Request-tracker4 Ubuntu oneiric *
Request-tracker4 Ubuntu precise *
Request-tracker4 Ubuntu upstream *

References