FreeBSD : bugzilla -- 'createemailregexp' security bypass vulnerability (f8d3689e-6770-11dc-8be8-02e0185f8d72)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Bugzilla development team reports :

Bugzilla::WebService::User::offer_account_by_email does not check the
'createemailregexp' parameter, and thus allows users to create
accounts who would normally be denied account creation. The
'emailregexp' parameter is still checked. If you do not have the
SOAP::Lite Perl module installed on your Bugzilla system, your system
is not vulnerable (because the Bugzilla WebService will not be
enabled).

See also :

http://www.bugzilla.org/security/3.0.1/
http://www.nessus.org/u?a74c0ac4

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 26213 (freebsd_pkg_f8d3689e677011dc8be802e0185f8d72.nasl)

Bugtraq ID:

CVE ID: CVE-2007-5038
