FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a)

medium Nessus Plugin ID 48427

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A Bugzilla Security Advisory reports :

- Remote Information Disclosure : An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronouns to groups the user belongs to.

- Notification Bypass : Normally, when a user is impersonated, he receives an email informing him that he is being impersonated, containing the identity of the impersonator. However, it was possible to impersonate a user without this notification being sent.

- Remote Information Disclosure : An error message thrown by the 'Reports' and 'Duplicates' page confirmed the non-existence of products, thus allowing users to guess confidential product names.
(Note that the 'Duplicates' page was not vulnerable in Bugzilla 3.6rc1 and above though.)

- Denial of Service : If a comment contained the phrases 'bug X' or 'attachment X', where X was an integer larger than the maximum 32-bit signed integer size, PostgreSQL would throw an error, and any page containing that comment would not be viewable. On most Bugzillas, any user can enter a comment on any bug, so any user could have used this to deny access to one or all bugs. Bugzillas running on databases other than PostgreSQL are not affected.

Solution

Update the affected package.

See Also

https://bugzilla.mozilla.org/show_bug.cgi?id=417048

https://bugzilla.mozilla.org/show_bug.cgi?id=450013

https://bugzilla.mozilla.org/show_bug.cgi?id=577139

https://bugzilla.mozilla.org/show_bug.cgi?id=519835

https://bugzilla.mozilla.org/show_bug.cgi?id=583690

http://www.nessus.org/u?b09ec7d8

Plugin Details

Severity: Medium

ID: 48427

File Name: freebsd_pkg_8cbf4d65af9a11df89b800151735203a.nasl

Version: 1.9

Type: local

Published: 8/25/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bugzilla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/24/2010

Vulnerability Publication Date: 8/5/2010

Reference Information

CVE: CVE-2010-2756, CVE-2010-2757, CVE-2010-2758, CVE-2010-2759