| Field | Value |
|---|---|
| VID | 21383 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Bugzilla bug-tracking system, according to its version number, has an arbitrary command execution vulnerability. Bugzilla is a Web-based bug-tracking system based on Perl and MySQL. Bugzilla version 2.8 and earlier could allow a remote attacker to execute arbitrary commands, due to an unchecked system call in the process_bug.cgi script. The script "process_bug.cgi" uses insecure system calls containing user input to invoke the 'processmail' Perl script without checking for shell metacharacters. As a result, it is possible for an attacker to supply maliciously crafted input to form fields which, when submitted, will cause arbitrary commands to be executed in the shell of the host running vulnerable versions of Bugzilla. |
| Note | This check relies solely on the version number of Bugzilla reported by the remote Web server to assess this vulnerability, so it may be a false positive. |
| References | http://www.securityfocus.com/archive/1/59454 ; http://www.atstake.com/research/advisories/2001/a043001-1.txt |
| Platforms Affected | Mozilla Project, Bugzilla 2.10 and earlier; any operating system, any version |
| Recommendation | Upgrade to the latest version of Bugzilla (2.12 or later), available from the Bugzilla download Web site at http://www.bugzilla.org/download/ |
| Related URL | CVE-2000-0421, CVE-2001-0329 (CVE) |
| Related URL | 1199 (SecurityFocus) |
| Related URL | 4816 (ISS) |