Flyspray is proudly sponsored by The Veloz Group

Flypray Security Announcement 1

Flyspray Administrator authentication bypass (2007-03-16)

Release Date 2007-03-16
Last Modified 2007-04-04 (added CVE references)
Author Cristian Rodriguez <judas.iscariote at flyspray dot org>
Application Flyspray 0.9.9
Risk High
Vendor Status The Flyspray project has released an updated version
References http://www.flyspray.org/fsa:1 CVE-2007-1788
Discovered by Stefan Esser <sesser at hardened-php dot net>

Details:

Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive output_buffering has to be disabled or set to a low value.

Proof of concept:

The Flyspray team will not release an example exploit to the public.

Disclosure Timeline:

13. March 2007 - vulnerability discovered by Stefan Esser
13. March 2007 - possible solution discussed privately
13. March 2007 - Fix commited the SVN repository
16. March 2007 - Public disclosure.

Recommendation:

We strongly recommend to upgrade to the new version.


Personal Tools