FreeBSD : bugzilla -- multiple vulnerabilities (dc8741b9-c5d5-11e0-8a8e-00151735203a)

Medium Nessus Plugin ID 55847


The remote FreeBSD host is missing one or more security-related updates.


A Bugzilla Security Advisory reports :

The following security issues have been discovered in Bugzilla :

- Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in 'Raw Unified' mode, which could trigger a cross-site scripting attack due to the execution of malicious code in the attachment.

- It is possible to determine whether or not certain group names exist while creating or updating bugs.

- Attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications sent to the requestee or the requester when editing an attachment flag.

- If an attacker has access to a user's session, he can modify that user's email address without that user being notified of the change.

- Temporary files for uploaded attachments are not deleted on Windows, which could let a user with local access to the server read them.

- Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised, it can be used to inject HTML code when viewing a bug report, leading to a cross-site scripting attack.

All affected installations are encouraged to upgrade as soon as possible.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 55847

File Name: freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2011/08/15

Modified: 2015/05/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bugzilla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2011/08/13

Vulnerability Publication Date: 2011/08/04

Reference Information

CVE: CVE-2011-2379, CVE-2011-2380, CVE-2011-2381, CVE-2011-2976, CVE-2011-2977, CVE-2011-2978, CVE-2011-2979