FreeBSD : bugzilla -- multiple vulnerabilities (6e33f4ab-efed-11d9-8310-0001020eed82)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Bugzilla Security Advisory reports :

Any user can change any flag on any bug, even if they don't have
access to that bug, or even if they can't normally make bug changes.
This also allows them to expose the summary of a bug.

Bugs are inserted into the database before they are marked as private,
in Bugzilla code. Thus, MySQL replication can lag in between the time
that the bug is inserted and when it is marked as private (usually
less than a second). If replication lags at this point, the bug
summary will be accessible to all users until replication catches up.
Also, on a very slow machine, there may be a pause longer than a
second that allows users to see the title of the newly-filed bug.

See also :

http://www.bugzilla.org/security/2.18.1/
https://bugzilla.mozilla.org/show_bug.cgi?id=292544
https://bugzilla.mozilla.org/show_bug.cgi?id=293159
http://www.nessus.org/u?68238ab8

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18976 (freebsd_pkg_6e33f4abefed11d983100001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2173, CVE-2005-2174
