CVE-2005-2174
CVSS2.6
发布时间 :2005-07-08 00:00:00
修订时间 :2008-09-05 16:51:04
NMCOPS    

[原文]Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.


[CNNVD]Bugzilla 竞争条件 信息泄露漏洞(CNNVD-200507-076)

        Bugzilla是基于Web的漏洞跟踪系统。
        多个Bugzilla版本(2.17.x、2.18.2之前的2.18系列、2.19.x及2.20rc1之前的2.20版本)存在信息泄露漏洞。
        由于在处理漏洞标记时存在竞争条件,漏洞在标记为保密之前便加入到了数据库。这样,在加入漏洞和标记为保密这段时间之间MySQL复制有一个延迟。攻击者可以在这段时间中非授权访问到某些漏洞信息。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:bugzilla:2.19.1Mozilla Bugzilla 2.19.1
cpe:/a:mozilla:bugzilla:2.17.3Mozilla Bugzilla 2.17.3
cpe:/a:mozilla:bugzilla:2.18Mozilla Bugzilla 2.18
cpe:/a:mozilla:bugzilla:2.19.3Mozilla Bugzilla 2.19.3
cpe:/a:mozilla:bugzilla:2.19.2Mozilla Bugzilla 2.19.2
cpe:/a:mozilla:bugzilla:2.18.1Mozilla Bugzilla 2.18.1
cpe:/a:mozilla:bugzilla:2.17.4Mozilla Bugzilla 2.17.4
cpe:/a:mozilla:bugzilla:2.17.7Mozilla Bugzilla 2.17.7
cpe:/a:mozilla:bugzilla:2.18:rc3Mozilla Bugzilla 2.18 rc3
cpe:/a:mozilla:bugzilla:2.18:rc1Mozilla Bugzilla 2.18 rc1
cpe:/a:mozilla:bugzilla:2.17.6Mozilla Bugzilla 2.17.6
cpe:/a:mozilla:bugzilla:2.19Mozilla Bugzilla 2.19
cpe:/a:mozilla:bugzilla:2.17.1Mozilla Bugzilla 2.17.1
cpe:/a:mozilla:bugzilla:2.18:rc2Mozilla Bugzilla 2.18 rc2
cpe:/a:mozilla:bugzilla:2.17.5Mozilla Bugzilla 2.17.5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2174
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2174
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-076
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.mozilla.org/show_bug.cgi?id=293159
(PATCH)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=293159
http://www.bugzilla.org/security/2.18.1/
(VENDOR_ADVISORY)  CONFIRM  http://www.bugzilla.org/security/2.18.1/
http://securitytracker.com/id?1014428
(UNKNOWN)  SECTRACK  1014428

- 漏洞信息

Bugzilla 竞争条件 信息泄露漏洞
低危 竞争条件
2005-07-08 00:00:00 2005-10-20 00:00:00
远程  
        Bugzilla是基于Web的漏洞跟踪系统。
        多个Bugzilla版本(2.17.x、2.18.2之前的2.18系列、2.19.x及2.20rc1之前的2.20版本)存在信息泄露漏洞。
        由于在处理漏洞标记时存在竞争条件,漏洞在标记为保密之前便加入到了数据库。这样,在加入漏洞和标记为保密这段时间之间MySQL复制有一个延迟。攻击者可以在这段时间中非授权访问到某些漏洞信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.bugzilla.org/download/
        

- 漏洞信息 (F38674)

Gentoo Linux Security Advisory 200507-12 (PacketStormID:F38674)
2005-07-14 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2173,CVE-2005-2174
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-12 - Bugzilla allows any user to modify the flags of any bug (CVE-2005-2173). Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race condition (CVE-2005-2174). Versions less than 2.18.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Bugzilla: Unauthorized access and information disclosure
      Date: July 13, 2005
      Bugs: #98348
        ID: 200507-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Bugzilla could allow remote users to modify
bug flags or gain sensitive information.

Background
==========

Bugzilla is a web-based bug-tracking system used by many projects.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla      < 2.18.3                         >= 2.18.3

Description
===========

Bugzilla allows any user to modify the flags of any bug
(CAN-2005-2173). Bugzilla inserts bugs into the database before marking
them as private, in connection with MySQL replication this could lead
to a race condition (CAN-2005-2174).

Impact
======

By manually changing the URL to process_bug.cgi, a remote attacker
could modify the flags of any given bug, which could trigger an email
including the bug summary to be sent to the attacker. The race
condition when using Bugzilla with MySQL replication could lead to a
short timespan (usually less than a second) where the summary of
private bugs is exposed to all users.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Bugzilla users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"

References
==========

  [ 1 ] CAN-2005-2173
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2173
  [ 2 ] CAN-2005-2174
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2174
  [ 3 ] Bugzilla Security Advisory
        http://www.bugzilla.org/security/2.18.1/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息

17801
Bugzilla MySQL Replication Race Condition Information Disclosure
Information Disclosure
Loss of Confidentiality
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-07-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Bugzilla Summary and Title Unauthorized Access Vulnerability
Race Condition Error 14200
Yes No
2005-07-08 12:00:00 2009-07-12 04:06:00
The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.

- 受影响的程序版本

Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.18.1
Mozilla Bugzilla 2.18 rc3
Mozilla Bugzilla 2.18 rc2
Mozilla Bugzilla 2.18 rc1
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.1
Gentoo Linux
Mozilla Bugzilla 2.20 rc1
Mozilla Bugzilla 2.18.2

- 不受影响的程序版本

Mozilla Bugzilla 2.20 rc1
Mozilla Bugzilla 2.18.2

- 漏洞讨论

Bugzilla is prone to an unauthorized access vulnerability.

An attacker could exploit this vulnerability to retrieve the summary, and on slower machines the title of the newly added bug entry. Information obtained may aid in other attacks against the system detailed in the bug entry.

- 漏洞利用

No exploit is required.

- 解决方案

The vendor has addressed this issue in the stable Bugzilla version 2.18.2; earlier versions are reported vulnerable. Users of the development snapshot should upgrade to the latest candidate release 2.20rc1.

Gentoo has released security advisory GLSA 200507-12 addressing this issue. Gentoo recommends all Bugzilla users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.3"


Mozilla Bugzilla 2.17.1

Mozilla Bugzilla 2.17.3

Mozilla Bugzilla 2.17.4

Mozilla Bugzilla 2.17.5

Mozilla Bugzilla 2.17.6

Mozilla Bugzilla 2.17.7

Mozilla Bugzilla 2.18 rc1

Mozilla Bugzilla 2.18 rc3

Mozilla Bugzilla 2.18 rc2

Mozilla Bugzilla 2.18.1

Mozilla Bugzilla 2.19.1

Mozilla Bugzilla 2.19.2

Mozilla Bugzilla 2.19.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站