Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Wiki, Collaborationware :: tb12767.htm

Bugzilla: Multiple vulnerabilities



Bugzilla: Multiple vulnerabilities
Bugzilla: Multiple vulnerabilities




--I3tAPq1Rm2pUxvsp
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/ 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Bugzilla: Multiple vulnerabilities
      Date: September 30, 2007
      Bugs: #190112
        ID: 200709-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Bugzilla contains several vulnerabilities, some of them possibly
leading to the remote execution of arbitrary code.

Background
=========
Bugzilla is a web application designed to help with managing software
development.

Affected packages
================
    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla       < 3.0.1                        *>= 2.20.5
                                                            *>= 2.22.3
                                                              >= 3.0.1

Description
==========
Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not
properly sanitize the content of the "buildid" parameter when filing
bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
2.23.3 or later, hence the stable Gentoo Portage tree does not contain
these two vulnerabilities: Loic Minier reported that the
"Email::Send::Sendmail()" function does not properly sanitise "from"
email information before sending it to the "-f" parameter of
/usr/sbin/sendmail (CVE-2007-4538), and Fr=E9d=E9ric Buclin discovered
that the XML-RPC interface does not correctly check permissions in the
time-tracking fields (CVE-2007-4539).

Impact
=====
A remote attacker could trigger the "buildid" vulnerability by sending
a specially crafted form to Bugzilla, leading to a persistent XSS, thus
allowing for theft of credentials. With Bugzilla 2.23.3 or later, an
attacker could also execute arbitrary code with the permissions of the
web server by injecting a specially crafted "from" email address and
gain access to normally restricted time-tracking information through
the XML-RPC service.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Bugzilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose www-apps/bugzilla

References
=========
  [ 1 ] CVE-2007-4538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4538 
  [ 2 ] CVE-2007-4539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4539 
  [ 3 ] CVE-2007-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4543 

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200709-18.xml 

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at 
http://bugs.gentoo.org. 

License
======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 

--I3tAPq1Rm2pUxvsp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iQEVAwUBRwAFtTvRww8BFPxFAQLu9Qf9EDESGenPl9IEmpSjQlnl7If5Xng0eW+t
hb3sCuP6nuSM64XOuvXWD/mu475vhOD4zCYuH+BZBb/uoiec7uzdrCWupL/xtaPK
yZiSwbxvJ0fJBKegnKDqZqlZM+MYKiOiEgT7xslGhHLqtVp67o8s1zMmeZz8Vu9E
g+N1jGu5C08f0kS59+N0isy/GfJA5tVjnFEDP/WQKoQjneIz+AgEDMbupA0oNcNC
HIWphlbGygPUAnpdn3/Skj07cQvy4e0mH43YmsTtENJHgwHFdshCo5W1spUPO0aM
lPgqoHSeCsK5zonYG+hmGf9nxFDm2J7SpIIVRS6kpSSYJOdJXRPwdA==+iOg
-----END PGP SIGNATURE-----

--I3tAPq1Rm2pUxvsp--


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH