FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a)

Medium Nessus Plugin ID 48427


The remote FreeBSD host is missing a security-related update.


A Bugzilla Security Advisory reports :

- Remote Information Disclosure : An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronouns to groups the user belongs to.

- Notification Bypass : Normally, when a user is impersonated, he receives an email informing him that he is being impersonated, containing the identity of the impersonator. However, it was possible to impersonate a user without this notification being sent.

- Remote Information Disclosure : An error message thrown by the 'Reports' and 'Duplicates' page confirmed the non-existence of products, thus allowing users to guess confidential product names.
(Note that the 'Duplicates' page was not vulnerable in Bugzilla 3.6rc1 and above though.)

- Denial of Service : If a comment contained the phrases 'bug X' or 'attachment X', where X was an integer larger than the maximum 32-bit signed integer size, PostgreSQL would throw an error, and any page containing that comment would not be viewable. On most Bugzillas, any user can enter a comment on any bug, so any user could have used this to deny access to one or all bugs. Bugzillas running on databases other than PostgreSQL are not affected.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 48427

File Name: freebsd_pkg_8cbf4d65af9a11df89b800151735203a.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2010/08/25

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bugzilla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/08/24

Vulnerability Publication Date: 2010/08/05

Reference Information

CVE: CVE-2010-2756, CVE-2010-2757, CVE-2010-2758, CVE-2010-2759