CVE-2012-6579
medium
CVSS v3: —
CVSS v2: 6.4
VIR risk: 6.4
Description
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-6579
Vendor advisory: cve@mitre.org — http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 4.0.7-2 |
| debian | bullseye | fixed | 4.0.7-2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| bestpractical | request_tracker | 3.8.3 | |
| bestpractical | request_tracker | 3.8.4 | |
| bestpractical | request_tracker | 3.8.7 | |
| bestpractical | request_tracker | 3.8.9 | |
| bestpractical | request_tracker | 3.8.10 | |
| bestpractical | request_tracker | 3.8.11 | |
| bestpractical | request_tracker | 3.8.12 | |
| bestpractical | request_tracker | 3.8.13 | |
| bestpractical | request_tracker | 3.8.14 | |
| bestpractical | request_tracker | 4.0.0 | |
| bestpractical | request_tracker | 4.0.1 | |
| bestpractical | request_tracker | 4.0.2 | |
| bestpractical | request_tracker | 4.0.3 | |
| bestpractical | request_tracker | 4.0.4 | |
| bestpractical | request_tracker | 4.0.5 | |
| bestpractical | request_tracker | 4.0.6 | |
| bestpractical | request_tracker | 4.0.7 | |
References
CWEs
CWE-310