FreeBSD : bugzilla -- multiple vulnerabilities (0c7a3ee2-3654-11e1-b404-20cf30e32f6d)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Bugzilla Security Advisory reports :

The following security issues have been discovered in Bugzilla :

- Tabular and graphical reports, as well as new charts have a debug
mode which displays raw data as plain text. This text is not correctly
escaped and a crafted URL could use this vulnerability to inject code
leading to XSS.

- The User.offer_account_by_email WebService method ignores the
user_can_create_account setting of the authentication method and
generates an email with a token in it which the user can use to create
an account. Depending on the authentication method being active, this
could allow the user to log in using this account. Installations where
the createemailregexp parameter is empty are not vulnerable to this
issue.

- The creation of bug reports and of attachments is not protected by a
token and so they can be created without the consent of a user if the
relevant code is embedded in an HTML page and the user visits this
page. This behavior was intentional to let third-party applications
submit new bug reports and attachments easily. But as this behavior
can be abused by a malicious user, it has been decided to block
submissions with no valid token starting from version 4.2rc1. Older
branches are not patched to not break these third-party applications
after the upgrade.

All affected installations are encouraged to upgrade as soon as
possible.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=697699
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
https://bugzilla.mozilla.org/show_bug.cgi?id=703975
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
http://www.nessus.org/u?9d7d18eb

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57445 ()

Bugtraq ID:

CVE ID: CVE-2011-3657
CVE-2011-3667
CVE-2011-3668
CVE-2011-3669

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now