| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.67714 |
| Category: | FreeBSD Local Security Checks |
| Title: | FreeBSD Ports: bugzilla |
| Summary: | FreeBSD Ports: bugzilla |
| Description: | The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: bugzilla CVE-2010-1204 Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a 'boolean chart search.' CVE-2010-0180 Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. Solution: Update your system with the appropriate patches or software upgrades. https://bugzilla.mozilla.org/show_bug.cgi?id=309952 https://bugzilla.mozilla.org/show_bug.cgi?id=561797 http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1204 BugTraq ID: 41141 http://www.securityfocus.com/bid/41141 http://secunia.com/advisories/40300 http://www.vupen.com/english/advisories/2010/1595 Common Vulnerability Exposure (CVE) ID: CVE-2010-0180 BugTraq ID: 41144 http://www.securityfocus.com/bid/41144 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.