Message-ID: <Pine.GSO.4.51.0805071609020.5663@faron.mitre.org>
Date: Wed, 7 May 2008 16:10:01 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Christian Hoffmann <hoffie@...too.org>
cc: coley@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation)


Note - CVE-2008-2105 assumes "before 3.0" because of the target fix for
the bug report; Bugzilla's advisory saying "2.23.4 and later" is kind of
hard to parse, especially since I don't think they mean this will be a bug
in all future versions as well :)

- Steve


======================================================
Name: CVE-2008-2103
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2103
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=425665
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019967
Reference: URL:http://www.securitytracker.com/id?1019967
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064
Reference: XF:bugzilla-bugview-xss(42216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42216

Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later
allows remote attackers to inject arbitrary web script or HTML via the
id parameter to the "Format for Printing" view or "Long Format" bug
list.


======================================================
Name: CVE-2008-2104
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2104
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=415471
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019968
Reference: URL:http://www.securitytracker.com/id?1019968
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064
Reference: XF:bugzilla-xmlrpc-security-bypass(42218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42218

The WebService in Bugzilla before 3.1.3 allows remote authenticated
users without canconfirm privileges to create NEW or ASSIGNED bug
entries via a request to the XML-RPC interface, which bypasses the
canconfirm check.


======================================================
Name: CVE-2008-2105
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2105
Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=419188
Reference: BID:29038
Reference: URL:http://www.securityfocus.com/bid/29038
Reference: FRSIRT:ADV-2008-1428
Reference: URL:http://www.frsirt.com/english/advisories/2008/1428/references
Reference: SECTRACK:1019969
Reference: URL:http://www.securitytracker.com/id?1019969
Reference: SECUNIA:30064
Reference: URL:http://secunia.com/advisories/30064

email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows
remote authenticated users to more easily spoof the changer of a bug
via a @reporter command in the body of an e-mail message, which
overrides the e-mail address as normally obtained from the From e-mail
header.  NOTE: since From headers are easily spoofed, this only crosses
privilege boundaries in environments that provide additional
verification of e-mail addresses.

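The @reporter override described under CVE-2008-2105 is a sender-identity-from-body problem: the handler trusts a field inside the message body over the From header it would otherwise use. The following Python is an added example, not Bugzilla's email_in.pl (which is Perl) and not text from the advisory. It models a small email_in-style parser for "@field = value" directives at the top of the body, a vulnerable lookup in which a body directive silently replaces the sender, and a hardened variant that rejects identity overrides outright and also refuses to act unless the caller has verified the sender, which is the caveat in the NOTE above (a spoofable From header gives no real boundary without SPF/DKIM or similar). The sample messages, the directive grammar, the sender_verified flag and every name other than "reporter" are constructed assumptions for this example.

```python
import email
import email.utils
import re

# Constructed sample messages (not from the advisory). The first carries an
# "@reporter" directive in the body that disagrees with the From header.
SPOOFED_MAIL = """\
From: alice@example.com
To: bugzilla@example.com
Subject: [Bug 1234] crash on startup

@reporter = admin@example.com
@bug_id = 1234

This still crashes for me on 3.0.
"""

CLEAN_MAIL = """\
From: alice@example.com
To: bugzilla@example.com
Subject: [Bug 1234] crash on startup

@bug_id = 1234

This still crashes for me on 3.0.
"""

# Assumed grammar: "@field = value" lines at the top of the body are directives;
# the first other non-blank line begins the comment text.
DIRECTIVE_RE = re.compile(r"^@(\w+)\s*=\s*(.+?)\s*$")

# Body fields that name a user rather than bug data. Only "reporter" comes from
# the advisory; any other field that can carry an identity belongs here too.
IDENTITY_FIELDS = frozenset({"reporter"})


def parse_mail(raw):
    """Split a mail into (from_address, body_directives, comment_text)."""
    msg = email.message_from_string(raw)
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    directives = {}
    comment_lines = []
    in_directives = True
    for line in msg.get_payload().splitlines():
        if in_directives:
            m = DIRECTIVE_RE.match(line)
            if m:
                directives[m.group(1).lower()] = m.group(2)
                continue
            if not line.strip():
                continue
            in_directives = False
        comment_lines.append(line)
    return from_addr, directives, "\n".join(comment_lines).strip()


def vulnerable_changer(raw):
    """Vulnerable pattern: a body directive overrides the sender identity."""
    from_addr, directives, _ = parse_mail(raw)
    return directives.get("reporter", from_addr)  # admin@example.com for SPOOFED_MAIL


def hardened_changer(raw, sender_verified):
    """Hardened pattern: identity comes only from a sender the caller has
    verified, and a body directive that tries to set it is rejected, not
    silently dropped, so the attempt is visible to the operator."""
    from_addr, directives, _ = parse_mail(raw)
    if not sender_verified:
        raise ValueError("sender address not verified (SPF/DKIM or equivalent)")
    overrides = sorted(set(directives) & IDENTITY_FIELDS)
    if overrides:
        raise ValueError(f"refusing identity override from body: {overrides}")
    return from_addr


def is_rejected(raw, sender_verified):
    """True if the hardened path refuses to act on this mail."""
    try:
        hardened_changer(raw, sender_verified)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_changer(SPOOFED_MAIL))
    print("hardened  :", hardened_changer(CLEAN_MAIL, sender_verified=True))
    print("spoof rejected:", is_rejected(SPOOFED_MAIL, sender_verified=True))
```

The design point is that the hardened path never consults the body for "who", regardless of whether the From header was verified; verification of the sender and rejection of body overrides are separate checks, and both are needed before the mail may change a bug.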