FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

A Bugzilla Security Advisory reports:

This advisory covers three security issues that have recently been
fixed in the Bugzilla code:

- A weakness in Bugzilla could allow a user to gain unauthorized
access to another Bugzilla account.

- A weakness in the Perl CGI.pm module allows injecting HTTP headers
and content to users via several pages in Bugzilla.

- If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's
'URL' field, then there are multiple situations in which Bugzilla will
unintentionally make that link clickable.

- Various pages lack protection against cross-site request forgeries.

All affected installations are encouraged to upgrade as soon as
possible.
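The second and third issues above are both input-validation failures at a rendering boundary: a header value that contains CR/LF can terminate the header and smuggle in new ones, and a user-supplied 'URL' field that is turned into a hyperlink must never carry an active scheme. The following is an added example of the defensive checks, not Bugzilla's or CGI.pm's own code; the function names and the scheme allowlist are this example's assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: only these schemes may become a clickable link.
# javascript:, data:, vbscript: and anything unknown stay plain text.
SAFE_LINK_SCHEMES = {"http", "https", "ftp", "mailto"}


def clickable_url(value: str):
    """Return the URL to hyperlink, or None if it must be shown as plain text.

    Browsers strip leading/trailing controls and spaces and remove embedded
    tab/CR/LF before detecting the scheme, so "java\\tscript:" is still
    javascript: to the browser. Normalise the same way before checking.
    """
    cleaned = re.sub(r"^[\x00-\x20]+|[\x00-\x20]+$", "", value)
    cleaned = re.sub(r"[\t\r\n]", "", cleaned)
    if not cleaned:
        return None
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:  # e.g. unbalanced IPv6 brackets in the host
        return None
    # A scheme-less value ("example.com") is not linked either: the browser
    # would resolve it relative to the current page, not as a site URL.
    return cleaned if scheme in SAFE_LINK_SCHEMES else None


def header_value_is_safe(value: str) -> bool:
    """Reject any CR or LF: either would end the header and inject more."""
    return re.search(r"[\r\n]", value) is None
```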

See also:

https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://bugzilla.mozilla.org/show_bug.cgi?id=619588
https://bugzilla.mozilla.org/show_bug.cgi?id=628034
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109
https://bugzilla.mozilla.org/show_bug.cgi?id=621110
http://www.nessus.org/u?9c3b1a46

Solution:

Update the affected package.

Risk factor:

High / CVSS Base Score: 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score: 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available: true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51670

Bugtraq ID: 25425

CVE ID: CVE-2010-0048
CVE-2010-2761
CVE-2010-4411
CVE-2010-4567
CVE-2010-4568
CVE-2010-4572
CVE-2011-0046