Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: Sun, 30 Sep 2007 22:23:17 +0200
From: Raphael Marichez <falco@gentoo.org.>
To: [email protected]
Subject: [ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities
Message-ID: <20070930202317.GI10324@falco.falcal.net.>
Mail-Followup-To: [email protected],
        [email protected], [email protected],
        [email protected]
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="I3tAPq1Rm2pUxvsp"
Content-Disposition: inline
X-Web: http://falco.bz/
X-GPG-fingerprint: 04EB 153A 6B28 3E80 87A9  9B4F A77C 4BDE 021C 5BD2
X-GPG-Key: http://subkeys.pgp.net:11371/pks/lookup?op=get&search=0x021C5BD2
Organization: Gentoo Linux Security Team
User-Agent: Mutt/1.5.16 (2007-06-09)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--I3tAPq1Rm2pUxvsp
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


  Severity: High
     Title: Bugzilla: Multiple vulnerabilities
      Date: September 30, 2007
      Bugs: #190112
        ID: 200709-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Bugzilla contains several vulnerabilities, some of them possibly
leading to the remote execution of arbitrary code.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Bugzilla is a web application designed to help with managing software
development.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla       < 3.0.1                        *>=3D 2.20.5
                                                            *>=3D 2.22.3
                                                              >=3D 3.0.1


Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not
properly sanitize the content of the "buildid" parameter when filing
bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
2.23.3 or later, hence the stable Gentoo Portage tree does not contain
these two vulnerabilities: Loic Minier reported that the
"Email::Send::Sendmail()" function does not properly sanitise "from"
email information before sending it to the "-f" parameter of
/usr/sbin/sendmail (CVE-2007-4538), and Fr=E9d=E9ric Buclin discovered
that the XML-RPC interface does not correctly check permissions in the
time-tracking fields (CVE-2007-4539).

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker could trigger the "buildid" vulnerability by sending
a specially crafted form to Bugzilla, leading to a persistent XSS, thus
allowing for theft of credentials. With Bugzilla 2.23.3 or later, an
attacker could also execute arbitrary code with the permissions of the
web server by injecting a specially crafted "from" email address and
gain access to normally restricted time-tracking information through
the XML-RPC service.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Bugzilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose www-apps/bugzilla


References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

  [ 1 ] CVE-2007-4538
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-4538
  [ 2 ] CVE-2007-4539
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-4539
  [ 3 ] CVE-2007-4543
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-4543

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-18.xml

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--I3tAPq1Rm2pUxvsp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iQEVAwUBRwAFtTvRww8BFPxFAQLu9Qf9EDESGenPl9IEmpSjQlnl7If5Xng0eW+t
hb3sCuP6nuSM64XOuvXWD/mu475vhOD4zCYuH+BZBb/uoiec7uzdrCWupL/xtaPK
yZiSwbxvJ0fJBKegnKDqZqlZM+MYKiOiEgT7xslGhHLqtVp67o8s1zMmeZz8Vu9E
g+N1jGu5C08f0kS59+N0isy/GfJA5tVjnFEDP/WQKoQjneIz+AgEDMbupA0oNcNC
HIWphlbGygPUAnpdn3/Skj07cQvy4e0mH43YmsTtENJHgwHFdshCo5W1spUPO0aM
lPgqoHSeCsK5zonYG+hmGf9nxFDm2J7SpIIVRS6kpSSYJOdJXRPwdA==
=+iOg
-----END PGP SIGNATURE-----

--I3tAPq1Rm2pUxvsp--

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: