Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multiple Bugzilla Security Vulnerabilities

Multiple Bugzilla Security Vulnerabilities

by Nikola Strahija on June 11th, 2002 Under some circumstances, Bugzilla may leak information about confidential products. The queryhelp.cgi script does not observe any restrictions that may be set on the display of products in the Bugzilla database. Because of this, a user executing the script may be able to gain access to information about confidential products by executing the script.Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Operating Systems.


Several problems have been discovered in Bugzilla that may allow remote users to gain information through information leakage, or unauthorized access to Bugzilla.

The queryhelp.cgi script distributed with Bugzilla could allow remote users to gain access to information products that set as confidential in the Bugzilla database.

An attacker may be able to hijack user sessions provided the attacker has reverse resolution authority for an IP address, and is able to steal a user's authentication cookie.

When a directory does not exist, Mozilla will attempt to create it. However, by default, the directory is usually created with world-writeable permissions.

It is possible for any user with permissions to edit any other user's details to delete any other user of the board through the edituser.cgi script.

The Real Names field does not filter HTML. An attacker may be able to input malicious HTML in the field, resulting in a cross-site scripting attack.

When performing a mass change, the groupset of all bugs are set to the groupset of the first bug in the mass change sequence.

Bugzilla did not handle encoding from some browsers, which could lead to unintended consequences, such as setting private or confidential information to a publicly displayed mode.

The syncing of the shadow database was done insecurely. Under some circumstances, this could output sensitive data to a user of Bugzilla at random.

Remote: Yes

Exploit: Many of these vulnerabilities may be exploited with a web browser.

Solution: Fixes available:


Mozilla Bugzilla 2.14:

Mozilla Upgrade bugzilla-2.14.2.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-2.14.2.tar.gz

Mozilla Bugzilla 2.14.1:

Mozilla Upgrade bugzilla-2.14.2.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-2.14.2.tar.gz







Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »