English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70766
Category:Gentoo Local Security Checks
Title:Gentoo Security Advisory GLSA 201110-03 (bugzilla)
Summary:The remote host is missing updates announced in;advisory GLSA 201110-03.
Description:Summary:
The remote host is missing updates announced in
advisory GLSA 201110-03.

Vulnerability Insight:
Multiple vulnerabilities were found in Bugzilla, the worst of which
leading to privilege escalation.

Solution:
All Bugzilla users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'


NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since August 27, 2011. It is likely that your system is
already
no longer affected by this issue.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2761
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://openwall.com/lists/oss-security/2010/12/01/1
http://openwall.com/lists/oss-security/2010/12/01/2
http://openwall.com/lists/oss-security/2010/12/01/3
http://osvdb.org/69588
http://osvdb.org/69589
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://secunia.com/advisories/42877
http://secunia.com/advisories/43033
http://secunia.com/advisories/43068
http://secunia.com/advisories/43147
http://secunia.com/advisories/43165
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0249
http://www.vupen.com/english/advisories/2011/0271
Common Vulnerability Exposure (CVE) ID: CVE-2010-3172
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://www.securitytracker.com/id?1024683
http://secunia.com/advisories/42271
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
Common Vulnerability Exposure (CVE) ID: CVE-2010-3764
XForce ISS Database: bugzilla-graphs-info-disclosure(62969)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62969
Common Vulnerability Exposure (CVE) ID: CVE-2010-4411
http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
http://www.vupen.com/english/advisories/2011/0106
Common Vulnerability Exposure (CVE) ID: CVE-2010-4567
BugTraq ID: 45982
http://www.securityfocus.com/bid/45982
Debian Security Information: DSA-2322 (Google Search)
http://www.debian.org/security/2011/dsa-2322
http://osvdb.org/70699
XForce ISS Database: bugzilla-urlfield-xss(65004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65004
Common Vulnerability Exposure (CVE) ID: CVE-2010-4568
http://osvdb.org/70700
XForce ISS Database: bugzilla-number-security-bypass(65001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001
Common Vulnerability Exposure (CVE) ID: CVE-2010-4569
http://yuilibrary.com/forum/viewtopic.php?p=12923
http://yuilibrary.com/projects/yui2/ticket/2529228
http://osvdb.org/70701
XForce ISS Database: bugzilla-realname-xss(65178)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65178
Common Vulnerability Exposure (CVE) ID: CVE-2010-4570
http://osvdb.org/70702
XForce ISS Database: bugzilla-summary-xss(65179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65179
Common Vulnerability Exposure (CVE) ID: CVE-2010-4572
http://osvdb.org/70703
XForce ISS Database: bugzilla-chartcgi-response-splitting(65440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65440
Common Vulnerability Exposure (CVE) ID: CVE-2011-0046
http://osvdb.org/70705
http://osvdb.org/70706
http://osvdb.org/70707
http://osvdb.org/70708
http://osvdb.org/70709
http://osvdb.org/70710
XForce ISS Database: bugzilla-unspec-csrf(65003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003
Common Vulnerability Exposure (CVE) ID: CVE-2011-0048
http://osvdb.org/70704
XForce ISS Database: bugzilla-url-xss(65005)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65005
Common Vulnerability Exposure (CVE) ID: CVE-2011-2379
BugTraq ID: 49042
http://www.securityfocus.com/bid/49042
http://www.osvdb.org/74297
http://secunia.com/advisories/45501
XForce ISS Database: bugzilla-patch-attachments-xss(69033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
Common Vulnerability Exposure (CVE) ID: CVE-2011-2380
http://www.osvdb.org/74298
http://www.osvdb.org/74299
XForce ISS Database: bugzilla-editing-info-disclosure(69034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
Common Vulnerability Exposure (CVE) ID: CVE-2011-2381
http://www.osvdb.org/74300
XForce ISS Database: bugzilla-attachment-header-injection(69035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69035
Common Vulnerability Exposure (CVE) ID: CVE-2011-2976
http://www.osvdb.org/74303
XForce ISS Database: bugzilla-buglist-xss(69038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69038
Common Vulnerability Exposure (CVE) ID: CVE-2011-2977
http://www.osvdb.org/74302
XForce ISS Database: bugzilla-attachments-info-disc(69037)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69037
Common Vulnerability Exposure (CVE) ID: CVE-2011-2978
http://www.osvdb.org/74301
XForce ISS Database: bugzilla-account-sec-bypass(69036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69036
Common Vulnerability Exposure (CVE) ID: CVE-2011-2979
XForce ISS Database: bugzilla-queries-info-disclosure(69166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69166
CopyrightCopyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.