Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200507-12 ] Bugzilla: Unauthorized access and information disclosure
Date: Wed, 13 Jul 2005 20:48:49
Message-Id: 42D57A0E.9050707@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Bugzilla: Unauthorized access and information disclosure
      Date: July 13, 2005
      Bugs: #98348
        ID: 200507-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Bugzilla could allow remote users to modify
bug flags or gain sensitive information.

Background
==========

Bugzilla is a web-based bug-tracking system used by many projects.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla      < 2.18.3                          >= 2.18.3

Description
===========

Bugzilla allows any user to modify the flags of any bug
(CAN-2005-2173). Bugzilla also inserts bugs into the database before
marking them as private; in connection with MySQL replication, this
could lead to a race condition (CAN-2005-2174).

Impact
======

By manually changing the URL to process_bug.cgi, a remote attacker
could modify the flags of any given bug, which could trigger an email
including the bug summary to be sent to the attacker. The race
condition when using Bugzilla with MySQL replication could lead to a
short timespan (usually less than a second) where the summary of
private bugs is exposed to all users.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Bugzilla users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"

References
==========

  [ 1 ] CAN-2005-2173
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2173
  [ 2 ] CAN-2005-2174
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2174
  [ 3 ] Bugzilla Security Advisory
        http://www.bugzilla.org/security/2.18.1/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Attachments

File name MIME type
signature.asc application/pgp-signature
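
The exposure window described in the advisory's Description and Impact sections (CAN-2005-2174), as an added example that is not part of the advisory or of Bugzilla's code: a second SQLite connection stands in for a reader on a MySQL replica, and the two-table schema and all function names are hypothetical. It contrasts insert-then-mark-private with performing both writes in one transaction, which is one way to close such a window and is not claimed to be the change made in 2.18.3.

```python
import os
import sqlite3
import tempfile

# Hypothetical two-table schema (not Bugzilla's): privacy is a separate row.
SCHEMA = """
CREATE TABLE bugs (id INTEGER PRIMARY KEY, summary TEXT);
CREATE TABLE bug_private (bug_id INTEGER PRIMARY KEY);
"""
# What a user without access to private bugs is allowed to list.
VISIBLE = "SELECT summary FROM bugs WHERE id NOT IN (SELECT bug_id FROM bug_private)"


def file_private_bug(writer, reader, summary, atomic):
    """File a private bug; return what the reader sees between the two writes."""
    if atomic:
        writer.execute("BEGIN")  # both writes become visible together at COMMIT
    cur = writer.execute("INSERT INTO bugs (summary) VALUES (?)", (summary,))
    # A read landing here models a replica that has applied only the first write.
    mid_window = [row[0] for row in reader.execute(VISIBLE)]
    writer.execute("INSERT INTO bug_private (bug_id) VALUES (?)", (cur.lastrowid,))
    if atomic:
        writer.execute("COMMIT")
    return mid_window


def demo(atomic):
    """Return (summaries visible mid-window, summaries visible afterwards)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bugs.db")
        writer = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        reader = sqlite3.connect(path, isolation_level=None)
        try:
            writer.executescript(SCHEMA)
            mid = file_private_bug(writer, reader, "constructed private summary", atomic)
            after = [row[0] for row in reader.execute(VISIBLE)]
        finally:
            writer.close()
            reader.close()
    return mid, after


if __name__ == "__main__":
    print("insert, then mark private:", demo(atomic=False))
    print("single transaction:       ", demo(atomic=True))
```
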