Test ID:	1.3.6.1.4.1.25623.1.0.57581
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1208-1)
Summary:	The remote host is missing an update for the Debian 'bugzilla' package(s) announced via the DSA-1208-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'bugzilla' package(s) announced via the DSA-1208-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in the Bugzilla bug tracking system, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4534 Javier Fernandez-Sanguino Pena discovered that insecure temporary file usage may lead to denial of service through a symlink attack. CVE-2006-5453 Several cross-site scripting vulnerabilities may lead to injection of arbitrary web script code. For the stable distribution (sarge) these problems have been fixed in version 2.16.7-7sarge2. For the upcoming stable distribution (etch) these problems have been fixed in version 2.22.1-1. For the unstable distribution (sid) these problems have been fixed in version 2.22.1-1. We recommend that you upgrade your bugzilla packages. Affected Software/OS: 'bugzilla' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4534 BugTraq ID: 16061 http://www.securityfocus.com/bid/16061 Bugtraq: 20051228 [BUGZILLA] Security advisory for Bugzilla < 2.16.11 (Google Search) http://www.securityfocus.com/archive/1/420353/100/0/threaded Debian Security Information: DSA-1208 (Google Search) http://www.debian.org/security/2006/dsa-1208 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 http://securitytracker.com/id?1015411 http://secunia.com/advisories/18218 http://secunia.com/advisories/22826 http://securityreason.com/securityalert/302 XForce ISS Database: bugzilla-syncshadowdb-symlink(23863) https://exchange.xforce.ibmcloud.com/vulnerabilities/23863 Common Vulnerability Exposure (CVE) ID: CVE-2006-5453 BugTraq ID: 20538 http://www.securityfocus.com/bid/20538 Bugtraq: 20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 (Google Search) http://www.securityfocus.com/archive/1/448777/100/100/threaded http://security.gentoo.org/glsa/glsa-200611-04.xml http://www.osvdb.org/29544 http://www.osvdb.org/29545 http://www.osvdb.org/29549 http://securitytracker.com/id?1017063 http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://securityreason.com/securityalert/1760 http://www.vupen.com/english/advisories/2006/4035 XForce ISS Database: bugzilla-h1h2-tags-xss(29610) https://exchange.xforce.ibmcloud.com/vulnerabilities/29610 XForce ISS Database: bugzilla-showdependencygraph(29619) https://exchange.xforce.ibmcloud.com/vulnerabilities/29619
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.