Test ID:	1.3.6.1.4.1.25623.1.0.64928
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: bugzilla
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: bugzilla CVE-2009-3125 SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. CVE-2009-3165 SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. CVE-2009-3166 token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3125 BugTraq ID: 36371 http://www.securityfocus.com/bid/36371 http://secunia.com/advisories/36718 Common Vulnerability Exposure (CVE) ID: CVE-2009-3165 BugTraq ID: 36373 http://www.securityfocus.com/bid/36373 Common Vulnerability Exposure (CVE) ID: CVE-2009-3166 BugTraq ID: 36372 http://www.securityfocus.com/bid/36372 http://www.securitytracker.com/id?1022902
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.