FreeBSD : bugzilla -- 'createmailregexp' security bypass vulnerability (f8d3689e-6770-11dc-8be8-02e0185f8d72)

High Nessus Plugin ID 26213


The remote FreeBSD host is missing a security-related update.


The Bugzilla development team reports:

Bugzilla::WebService::User::offer_account_by_email does not check the 'createemailregexp' parameter, and thus allows users to create accounts who would normally be denied account creation. The 'emailregexp' parameter is still checked. If you do not have the SOAP::Lite Perl module installed on your Bugzilla system, your system is not vulnerable (because the Bugzilla WebService will not be enabled).


Update the affected package.

Plugin Details

Severity: High

ID: 26213

File Name: freebsd_pkg_f8d3689e677011dc8be802e0185f8d72.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2007/10/03

Modified: 2015/05/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bugzilla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2007/09/20

Vulnerability Publication Date: 2007/09/18

Reference Information

CVE: CVE-2007-5038

CWE: 264