GLSA-200709-18 : Bugzilla: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200709-18
(Bugzilla: Multiple vulnerabilities)

Masahiro Yamada found that, starting with version 2.17.1, Bugzilla does
not properly sanitize the content of the 'buildid' parameter when filing
bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
2.23.3 or later, so the versions in the stable Gentoo Portage tree are
not affected by them: Loic Minier reported that the
'Email::Send::Sendmail()' function does not properly sanitize 'from'
email information before passing it to the '-f' parameter of
/usr/sbin/sendmail (CVE-2007-4538), and Frederic Buclin discovered that
the XML-RPC interface does not correctly check permissions for the
time-tracking fields (CVE-2007-4539).

Impact :

A remote attacker could trigger the 'buildid' vulnerability by sending
a specially crafted form to Bugzilla, leading to a persistent XSS and
thus allowing for theft of credentials. With Bugzilla 2.23.3 or later,
an attacker could also execute arbitrary code with the permissions of
the web server by injecting a specially crafted 'from' email address,
and could gain access to normally restricted time-tracking information
through the XML-RPC service.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200709-18.xml

Solution :

All Bugzilla users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose www-apps/bugzilla

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 26216 (gentoo_GLSA-200709-18.nasl)

CVE ID: CVE-2007-4538, CVE-2007-4539, CVE-2007-4543