16426 : Bugzilla Closed State Product Bug Entry Creation
Printer | http://osvdb.org/16426 | Email This | Edit Vulnerability

Views This Week

Views All Time

140

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

May 12, 2005

Discovery

Unknown

Dates

Exploit

May 12, 2005

Solution

Unknown

Keywords

No Keywords

Description

Bugzilla contains a flaw that may lead to an unauthorized information modification. The issue is triggered when a user correctly guesses the name of a product that should be invisible to them. When this occurs, the user will be able to enter bugs into products that are closed for the bug entry resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.16.9 or higher, version 2.18.1 or higher, or 2.19.3 or higher, as these versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Bugzilla	2.19.1
		2.18
		2.19.2
		2.18.1
		2.19.3
		2.16.8
		2.16.9

References

Secunia Advisory ID: 15338
Related OSVDB ID: 16425 16427
CVE ID: 2005-1564 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0144.html
Vendor Specific Advisory URL: http://www.bugzilla.org/security/2.16.8/
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=287109

Tools & Filters

Nessus	18245

Credit

Roman Pszonka -
Gervase Markham -
Frédéric Buclin -
Myk Melez -
Joel Peshkin - bugreportpeshkin.net -
Marc Schumann -

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

Mozilla Organization

Bugzilla

References

Tools & Filters

Credit

Blogs

Comments