Debian DSA-173-1 : bugzilla - privilege escalation

high Nessus Plugin ID 15010

Synopsis

The remote Debian host is missing a security-related update.

Description

The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and 'usebuggroups' is enabled, the new group will be assigned a groupset bit using Perl math that is not exact beyond 248. This results in the new group being defined with a 'bit' that has several bits set. As users are given access to the new group, those users will also gain access to spurious lower group privileges. Also, group bits were not always reused when groups were deleted.

Solution

Upgrade the bugzilla package.

This problem has been fixed in version 2.14.2-0woody2 for the current stable distribution (woody) and will soon be fixed in the unstable distribution (sid). The old stable distribution (potato) doesn't contain a bugzilla package.

See Also

http://www.debian.org/security/2002/dsa-173

Plugin Details

Severity: High

ID: 15010

File Name: debian_DSA-173.nasl

Version: 1.16

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:bugzilla, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/9/2002

Reference Information

CVE: CVE-2002-1196

DSA: 173