FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Bugzilla Security Advisory reports :

- Remote Information Disclosure : An unprivileged user is normally not
allowed to view other users' group membership. But boolean charts let
the user use group-based pronouns, indirectly disclosing group
membership. This security fix restricts the use of pronouns to groups
the user belongs to.

- Notification Bypass : Normally, when a user is impersonated, he
receives an email informing him that he is being impersonated,
containing the identity of the impersonator. However, it was possible
to impersonate a user without this notification being sent.

- Remote Information Disclosure : An error message thrown by the
'Reports' and 'Duplicates' page confirmed the non-existence of
products, thus allowing users to guess confidential product names.
(Note that the 'Duplicates' page was not vulnerable in Bugzilla 3.6rc1
and above though.)

- Denial of Service : If a comment contained the phrases 'bug X' or
'attachment X', where X was an integer larger than the maximum 32-bit
signed integer size, PostgreSQL would throw an error, and any page
containing that comment would not be viewable. On most Bugzillas, any
user can enter a comment on any bug, so any user could have used this
to deny access to one or all bugs. Bugzillas running on databases
other than PostgreSQL are not affected.

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 48427 (freebsd_pkg_8cbf4d65af9a11df89b800151735203a.nasl)

Bugtraq ID:

CVE ID: CVE-2010-2756

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now