Rapid7 Vulnerability & Exploit Database

RHSA-2002:109: Updated bugzilla packages fix security issues

Back to Search

RHSA-2002:109: Updated bugzilla packages fix security issues

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
08/12/2002
Created
07/25/2018
Added
03/24/2010
Modified
07/04/2017

Description

A number of security-related bugs have been found in Bugzilla version 2.14.

Bugzilla is a bug-tracking system from mozilla.org. A number of security issues have been found in version 2.14.1: Bugzilla allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. (CAN-2002-0803) Bugzilla, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. (CAN-2002-0804) Bugzilla creates new directories with world-writable permissions and creates the params file with world-writable permissions, which allows local users to modify the files and execute code. (CAN-2002-0805) Bugzilla allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. (CAN-2002-0806) Cross-site scripting vulnerabilities in Bugzilla could allow remote attackers to execute scripts as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. (CAN-2002-0807) Bugzilla, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug. This could inadvertently cause insecure groupset permissions to be assigned to some bugs. (CAN-2002-0808) Bugzilla does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset. This has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. (CAN-2002-0809) Bugzilla directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. (CAN-2002-0810) Bugzilla may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. (CAN-2002-0811) All users of Bugzilla are advised to upgrade to these errata packages containing Bugzilla version 2.14.3 which is not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-bugzilla

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;