English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70411
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2322-1)
Summary:The remote host is missing an update for the Debian 'bugzilla' package(s) announced via the DSA-2322-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'bugzilla' package(s) announced via the DSA-2322-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system.

CVE-2010-4572

By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser.

CVE-2010-4567, CVE-2011-0048 Bugzilla has a URL field that can contain several types of URL, including javascript: and data: URLs. However, it does not make javascript: and data: URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, javascript: and data: links were always shown as clickable to logged-out users.

CVE-2010-4568

It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective).

CVE-2011-0046

Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities.

CVE-2011-2978

When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker.

CVE-2011-2381

For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited.

CVE-2011-2379

Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in Raw Unified mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code.

CVE-2011-2380, CVE-2011-2979 Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential.

For the oldstable distribution (lenny), it has not been practical to backport patches to fix these bugs. Users of bugzilla on lenny are strongly advised to upgrade to the version in the squeeze distribution.

For the stable distribution (squeeze), these problems have been fixed in version 3.6.2.0-4.4.

For the testing distribution (wheezy) and the unstable distribution (sid), the bugzilla packages have been removed.

We recommend that you upgrade your bugzilla packages.

Affected Software/OS:
'bugzilla' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4567
BugTraq ID: 45982
http://www.securityfocus.com/bid/45982
Debian Security Information: DSA-2322 (Google Search)
http://www.debian.org/security/2011/dsa-2322
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70699
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
XForce ISS Database: bugzilla-urlfield-xss(65004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65004
Common Vulnerability Exposure (CVE) ID: CVE-2010-4568
http://osvdb.org/70700
XForce ISS Database: bugzilla-number-security-bypass(65001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001
Common Vulnerability Exposure (CVE) ID: CVE-2010-4572
http://osvdb.org/70703
XForce ISS Database: bugzilla-chartcgi-response-splitting(65440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65440
Common Vulnerability Exposure (CVE) ID: CVE-2011-0046
http://osvdb.org/70705
http://osvdb.org/70706
http://osvdb.org/70707
http://osvdb.org/70708
http://osvdb.org/70709
http://osvdb.org/70710
XForce ISS Database: bugzilla-unspec-csrf(65003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003
Common Vulnerability Exposure (CVE) ID: CVE-2011-0048
http://osvdb.org/70704
XForce ISS Database: bugzilla-url-xss(65005)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65005
Common Vulnerability Exposure (CVE) ID: CVE-2011-2379
BugTraq ID: 49042
http://www.securityfocus.com/bid/49042
http://www.osvdb.org/74297
http://secunia.com/advisories/45501
XForce ISS Database: bugzilla-patch-attachments-xss(69033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
Common Vulnerability Exposure (CVE) ID: CVE-2011-2380
http://www.osvdb.org/74298
http://www.osvdb.org/74299
XForce ISS Database: bugzilla-editing-info-disclosure(69034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
Common Vulnerability Exposure (CVE) ID: CVE-2011-2381
http://www.osvdb.org/74300
XForce ISS Database: bugzilla-attachment-header-injection(69035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69035
Common Vulnerability Exposure (CVE) ID: CVE-2011-2978
http://www.osvdb.org/74301
XForce ISS Database: bugzilla-account-sec-bypass(69036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69036
Common Vulnerability Exposure (CVE) ID: CVE-2011-2979
XForce ISS Database: bugzilla-queries-info-disclosure(69166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69166
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.