FreeBSD : bugzilla -- multiple vulnerabilities (6e33f4ab-efed-11d9-8310-0001020eed82)

Medium Nessus Plugin ID 18976


The remote FreeBSD host is missing one or more security-related updates.


A Bugzilla Security Advisory reports :

Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes.
This also allows them to expose the summary of a bug.

Bugs are inserted into the database before they are marked as private, in Bugzilla code. Thus, MySQL replication can lag in between the time that the bug is inserted and when it is marked as private (usually less than a second). If replication lags at this point, the bug summary will be accessible to all users until replication catches up.
Also, on a very slow machine, there may be a pause longer than a second that allows users to see the title of the newly-filed bug.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 18976

File Name: freebsd_pkg_6e33f4abefed11d983100001020eed82.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/07/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bugzilla, p-cpe:/a:freebsd:freebsd:ja-bugzilla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/07/08

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-2173, CVE-2005-2174