[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 May 2008 16:10:01 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Christian Hoffmann <hoffie@...too.org>
cc: coley@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account
Impersonation)
Note - CVE-2008-2105 assumes "before 3.0" because of the target fix for
the bug report; Bugzilla's advisory saying "2.23.4 and later" is kind of
hard to parse, especially since I don't think they mean this will be a bug
in all future versions as well :)
- Steve
======================================================
Name: CVE-2008-2103
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2103
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=425665
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019967
Reference: URL:http://www.securitytracker.com/id?1019967
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064
Reference: XF:bugzilla-bugview-xss(42216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42216
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later
allows remote attackers to inject arbitrary web script or HTML via the
id parameter to the "Format for Printing" view or "Long Format" bug
list.
======================================================
Name: CVE-2008-2104
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2104
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=415471
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019968
Reference: URL:http://www.securitytracker.com/id?1019968
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064
Reference: XF:bugzilla-xmlrpc-security-bypass(42218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42218
The WebService in Bugzilla before 3.1.3 allows remote authenticated
users without canconfirm privileges to create NEW or ASSIGNED bug
entries via a request to the XML-RPC interface, which bypasses the
canconfirm check.
======================================================
Name: CVE-2008-2105
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2105
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=419188
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019969
Reference: URL:http://www.securitytracker.com/id?1019969
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064
email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows
remote authenticated users to more easily spoof the changer of a bug
via a @reporter command in the body of an e-mail message, which
overrides the e-mail address as normally obtained from the From e-mail
header. NOTE: since From headers are easily spoofed, this only crosses
privilege boundaries in environments that provide additional
verification of e-mail addresses.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
