FreeBSD : bugzilla -- information leak (92ca92c1-d859-11de-89f9-001517351c22)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Bugzilla Security Advisory reports :

When a bug is in a group, none of its information (other than its
status and resolution) should be visible to users outside that group.
It was discovered that as of 3.3.2, Bugzilla was showing the alias of
the bug (a very short string used as a shortcut for looking up the
bug) to users outside of the group, if the protected bug ended up in
the 'Depends On' or 'Blocks' list of any other bug.

See also :

http://www.bugzilla.org/security/3.4.3/
http://www.nessus.org/u?61ef73d4

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 42875 (freebsd_pkg_92ca92c1d85911de89f9001517351c22.nasl)

Bugtraq ID:

CVE ID: CVE-2009-3386
