CVE-2005-2173
CVSS5.0
发布时间 :2005-07-08 00:00:00
修订时间 :2008-09-05 16:51:04
NMCOPS    

[原文]The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.


[CNNVD]Bugzilla flag 信息泄露漏洞(CNNVD-200507-077)

        Bugzilla是基于Web的漏洞跟踪系统。
        多个Bugzilla版本(2.17.1至2.18.1及2.19.1及2.19.3)中的Flag::validate和Flag::modify函数存在信息泄露漏洞。
        由于没有检查flag ID与对应的Bug或attachment ID是否匹配,用户可以通过修改标记的方法,获取任意bug摘要信息。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:bugzilla:2.19.1Mozilla Bugzilla 2.19.1
cpe:/a:mozilla:bugzilla:2.17.3Mozilla Bugzilla 2.17.3
cpe:/a:mozilla:bugzilla:2.18Mozilla Bugzilla 2.18
cpe:/a:mozilla:bugzilla:2.19.3Mozilla Bugzilla 2.19.3
cpe:/a:mozilla:bugzilla:2.19.2Mozilla Bugzilla 2.19.2
cpe:/a:mozilla:bugzilla:2.18.1Mozilla Bugzilla 2.18.1
cpe:/a:mozilla:bugzilla:2.17.4Mozilla Bugzilla 2.17.4
cpe:/a:mozilla:bugzilla:2.17.7Mozilla Bugzilla 2.17.7
cpe:/a:mozilla:bugzilla:2.18:rc3Mozilla Bugzilla 2.18 rc3
cpe:/a:mozilla:bugzilla:2.18:rc1Mozilla Bugzilla 2.18 rc1
cpe:/a:mozilla:bugzilla:2.17.6Mozilla Bugzilla 2.17.6
cpe:/a:mozilla:bugzilla:2.19Mozilla Bugzilla 2.19
cpe:/a:mozilla:bugzilla:2.17.1Mozilla Bugzilla 2.17.1
cpe:/a:mozilla:bugzilla:2.18:rc2Mozilla Bugzilla 2.18 rc2
cpe:/a:mozilla:bugzilla:2.17.5Mozilla Bugzilla 2.17.5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2173
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2173
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-077
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.mozilla.org/show_bug.cgi?id=293159
(PATCH)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=293159
http://www.bugzilla.org/security/2.18.1/
(VENDOR_ADVISORY)  CONFIRM  http://www.bugzilla.org/security/2.18.1/
http://securitytracker.com/id?1014428
(UNKNOWN)  SECTRACK  1014428

- 漏洞信息

Bugzilla flag 信息泄露漏洞
中危 访问验证错误
2005-07-08 00:00:00 2005-10-20 00:00:00
远程  
        Bugzilla是基于Web的漏洞跟踪系统。
        多个Bugzilla版本(2.17.1至2.18.1及2.19.1及2.19.3)中的Flag::validate和Flag::modify函数存在信息泄露漏洞。
        由于没有检查flag ID与对应的Bug或attachment ID是否匹配,用户可以通过修改标记的方法,获取任意bug摘要信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.bugzilla.org/download/
        

- 漏洞信息 (F38674)

Gentoo Linux Security Advisory 200507-12 (PacketStormID:F38674)
2005-07-14 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2173,CVE-2005-2174
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-12 - Bugzilla allows any user to modify the flags of any bug (CVE-2005-2173). Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race condition (CVE-2005-2174). Versions less than 2.18.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Bugzilla: Unauthorized access and information disclosure
      Date: July 13, 2005
      Bugs: #98348
        ID: 200507-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Bugzilla could allow remote users to modify
bug flags or gain sensitive information.

Background
==========

Bugzilla is a web-based bug-tracking system used by many projects.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla      < 2.18.3                         >= 2.18.3

Description
===========

Bugzilla allows any user to modify the flags of any bug
(CAN-2005-2173). Bugzilla inserts bugs into the database before marking
them as private, in connection with MySQL replication this could lead
to a race condition (CAN-2005-2174).

Impact
======

By manually changing the URL to process_bug.cgi, a remote attacker
could modify the flags of any given bug, which could trigger an email
including the bug summary to be sent to the attacker. The race
condition when using Bugzilla with MySQL replication could lead to a
short timespan (usually less than a second) where the summary of
private bugs is exposed to all users.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Bugzilla users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"

References
==========

  [ 1 ] CAN-2005-2173
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2173
  [ 2 ] CAN-2005-2174
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2174
  [ 3 ] Bugzilla Security Advisory
        http://www.bugzilla.org/security/2.18.1/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息

17800
Bugzilla process_bug.cgi Arbitrary Bug Flag Modification
Input Manipulation
Loss of Integrity Patch / RCS, Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2005-07-08 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.18.2 or higher, as it has been reported to fix this vulnerability. In addition, the Bugzilla team has released a patch for some older versions.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Bugzilla Unauthorized Flag Change Access Validation Vulnerability
Access Validation Error 14198
Yes No
2005-07-08 12:00:00 2009-07-12 04:06:00
The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.

- 受影响的程序版本

Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.18 rc3
Mozilla Bugzilla 2.18 rc2
Mozilla Bugzilla 2.18 rc1
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.1
Gentoo Linux
Mozilla Bugzilla 2.20 rc1
Mozilla Bugzilla 2.18.2

- 不受影响的程序版本

Mozilla Bugzilla 2.20 rc1
Mozilla Bugzilla 2.18.2

- 漏洞讨论

Bugzilla is affected by an access validation vulnerability. This issue is due to a failure in the application to do proper authentication before permitting changes to bug flags.

An attacker could exploit this vulnerability to retrieve an emailed copy of the summary of the bug; other attacks may also be possible. Information obtained may aid in attacks against the system reported in the bug.

It should be noted users of the 'request_group' or 'grant_group' features of the 2.19 versions of Bugzilla may not be affected by this vulnerability. Those features state the permissions on the changing of flag settings.

- 漏洞利用

No exploit is required.

- 解决方案

The vendor has addressed this issue in the stable Bugzilla version 2.18.2; earlier versions are reported vulnerable. Users of the development snapshot should upgrade to the latest candidate release 2.20rc1.

Gentoo has released security advisory GLSA 200507-12 addressing this issue. Gentoo recommends all Bugzilla users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"


Mozilla Bugzilla 2.17.1

Mozilla Bugzilla 2.17.3

Mozilla Bugzilla 2.17.4

Mozilla Bugzilla 2.17.5

Mozilla Bugzilla 2.17.6

Mozilla Bugzilla 2.17.7

Mozilla Bugzilla 2.18 rc1

Mozilla Bugzilla 2.18 rc3

Mozilla Bugzilla 2.18 rc2

Mozilla Bugzilla 2.19.1

Mozilla Bugzilla 2.19.2

Mozilla Bugzilla 2.19.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站