oss-sec mailing list archives
Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 May 2008 16:10:01 -0400 (EDT)
Note - CVE-2008-2105 assumes "before 3.0" because of the target fix for the bug report; Bugzilla's advisory saying "2.23.4 and later" is kind of hard to parse, especially since I don't think they mean this will be a bug in all future versions as well :) - Steve ====================================================== Name: CVE-2008-2103 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2103 Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/ Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=425665 Reference: BID:29038 Reference: URL:http://www.securityfocus.com/bid/29038 Reference: FRSIRT:ADV-2008-1428 Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references Reference: SECTRACK:1019967 Reference: URL:http://www.securitytracker.com/id?1019967 Reference: SECUNIA:30064 Reference: URL:http://secunia.com/advisories/30064 Reference: XF:bugzilla-bugview-xss(42216) Reference: URL:http://xforce.iss.net/xforce/xfdb/42216 Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. ====================================================== Name: CVE-2008-2104 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2104 Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/ Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=415471 Reference: BID:29038 Reference: URL:http://www.securityfocus.com/bid/29038 Reference: FRSIRT:ADV-2008-1428 Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references Reference: SECTRACK:1019968 Reference: URL:http://www.securitytracker.com/id?1019968 Reference: SECUNIA:30064 Reference: URL:http://secunia.com/advisories/30064 Reference: XF:bugzilla-xmlrpc-security-bypass(42218) Reference: URL:http://xforce.iss.net/xforce/xfdb/42218 The WebService in Bugzilla before 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. ====================================================== Name: CVE-2008-2105 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2105 Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/ Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=419188 Reference: BID:29038 Reference: URL:http://www.securityfocus.com/bid/29038 Reference: FRSIRT:ADV-2008-1428 Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references Reference: SECTRACK:1019969 Reference: URL:http://www.securitytracker.com/id?1019969 Reference: SECUNIA:30064 Reference: URL:http://secunia.com/advisories/30064 email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
Current thread:
- CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Christian Hoffmann (May 07)
- Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Steven M. Christey (May 07)
- Re: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Hanno Böck (May 13)
- Re: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Tomas Hoger (May 13)
- Re: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Steven M. Christey (May 13)
- Re: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Hanno Böck (May 13)
- Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation) Steven M. Christey (May 07)