VID 21240
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Bugzilla bug-tracking system, according to its version number, has multiple vulnerabilities.
Bugzilla, developed by the Mozilla project, is an open-source bug-tracking system. The affected versions contain the following vulnerabilities, which allow a remote attacker to execute arbitrary commands and gain unauthorized access to Bugzilla.

1. Insecure permission setting: Bugzilla's data collection script makes the data/mining directory world-writable, allowing a local attacker to alter or delete the collected data.
2. Flaw in the .htaccess files: the default .htaccess files shipped with Bugzilla do not protect backup copies of the localconfig file created by text editors, allowing a remote attacker to obtain the database password by requesting the backup file directly.
3. Cross-site scripting: when the "quips" feature is enabled, Bugzilla does not sufficiently filter user-supplied input, allowing a remote attacker to inject script that is executed in the browser of another user.
4. Flaw in the bugzilla_email_append.pl script: because of a flaw in bugzilla_email_append.pl, a remote attacker can insert maliciously formatted entries (commands) into the Bugzilla database; when these entries are later passed to the system, they are executed.
5. SQL injection: because apostrophes (') in e-mail addresses are insufficiently filtered when a new account is created, a remote attacker can add, modify or delete data in the backend database.
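
A small audit helper illustrating items 1 and 2 above, from the defender's side: which localconfig-derived files a FilesMatch deny rule leaves reachable, and whether a directory mode is world-writable. This is an added example, not part of the original advisory or of Bugzilla's own code; the file names, the mode values and the two FilesMatch regexes are constructed for illustration, and the regexes are assumptions standing in for whatever a given .htaccess actually contains.

```python
import re
import stat
from typing import Iterable, List

# Constructed directory listing of a hypothetical Bugzilla document root
# (not taken from any real installation): the live localconfig plus the kinds
# of editor backup copies the advisory refers to.
SAMPLE_FILES = [
    "index.cgi",
    "localconfig",
    "localconfig~",       # Emacs/joe-style backup
    "localconfig.bak",    # generic backup copy
    "localconfig.orig",   # left behind by a manual edit
    "show_bug.cgi",
]

# Two illustrative FilesMatch regexes (assumptions, not Bugzilla's actual
# .htaccess text). The first denies only the exact filename and so reproduces
# the gap described in item 2; the second also covers anything derived from it.
WEAK_DENY_PATTERN = r"^localconfig$"
FIXED_DENY_PATTERN = r"^localconfig.*$"


def unprotected_localconfig_copies(deny_pattern: str, filenames: Iterable[str]) -> List[str]:
    """Return the localconfig-derived files that a FilesMatch deny rule using
    deny_pattern would leave reachable over HTTP.

    Apache matches FilesMatch regexes against the file's basename with search
    semantics (an unanchored regex matches anywhere), which re.search emulates.
    """
    deny = re.compile(deny_pattern)
    return sorted(
        name for name in filenames
        if name.startswith("localconfig") and not deny.search(name)
    )


def is_world_writable(mode: int) -> bool:
    """True if the permission bits grant write access to 'other', the
    condition item 1 describes for the data/mining directory."""
    return bool(mode & stat.S_IWOTH)


def tightened_mode(mode: int) -> int:
    """Return mode with the world-write bit cleared, owner/group bits untouched."""
    return mode & ~stat.S_IWOTH


if __name__ == "__main__":
    for label, pattern in (("weak", WEAK_DENY_PATTERN), ("fixed", FIXED_DENY_PATTERN)):
        leaked = unprotected_localconfig_copies(pattern, SAMPLE_FILES)
        print(f"{label:5} pattern {pattern!r}: exposed -> {leaked or 'none'}")

    # Constructed mode values standing in for os.stat(path).st_mode & 0o777
    # on data/mining; 0o777 is the world-writable case from item 1.
    for mode in (0o777, 0o770):
        print(f"data/mining mode {mode:o}: world-writable={is_world_writable(mode)}, "
              f"tightened={tightened_mode(mode):o}")
```

On a real host the same two functions would be fed `os.listdir()` of the web root and `os.stat()` of data/mining; the point of the regex comparison is that a deny rule anchored on the exact name `localconfig` says nothing about `localconfig~` or `localconfig.bak`, which is exactly the exposure item 2 describes.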

* Note: This check relies solely on the version number reported by Bugzilla to assess this vulnerability, so it may produce a false positive.

* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
http://www.debian.org/security/2003/dsa-230
http://bugzilla.mozilla.org/show_bug.cgi?id=183188
http://bugzilla.mozilla.org/show_bug.cgi?id=186383

* Platforms Affected:
Bugzilla 2.14.X
Bugzilla 2.16.X
Bugzilla prior to 2.17.3
Bugzilla 2.10 and earlier
Recommendation Upgrade to Bugzilla 2.14.5, 2.16.2, or 2.17.3, available from the Mozilla web site:
http://ftp.mozilla.org/pub/webtools
Related URL CVE-2002-1198, CVE-2002-1197, CVE-2003-0012, CVE-2003-0013 (CVE)
Related URL 4964, 6501, 6502, 6257, 5844, 5842 (SecurityFocus)
Related URL 10970, 10707, 10234, 10235 (ISS)