FreeBSD Ports: bugzilla, ja-bugzilla

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.57578");
  script_version("2023-07-26T05:05:09+0000");
  script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_cve_id("CVE-2006-5453", "CVE-2006-5454", "CVE-2006-5455");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_name("FreeBSD Ports: bugzilla, ja-bugzilla");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_tag(name:"insight", value:"The following packages are affected:

  bugzilla
   ja-bugzilla

CVE-2006-5453
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x
before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x
before 2.23.3 allow remote authenticated users to inject arbitrary web
script or HTML via (1) page headers using the H1, H2, and H3 HTML tags
in global/header.html.tmpl, (2) description fields of certain items in
various edit cgi scripts, and (3) the id parameter in
showdependencygraph.cgi.
CVE-2006-5454
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before
2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1)
the description of arbitrary attachments by viewing the attachment in
'diff' mode in attachment.cgi, and (2) the deadline field by viewing
the XML format of the bug in show_bug.cgi.
CVE-2006-5455
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in
Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted
remote attackers to create, modify, or delete arbitrary bug reports
via a crafted URL.");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_xref(name:"URL", value:"http://www.bugzilla.org/security/2.18.5/");
  script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/6d68618a-7199-11db-a2ad-000c6ec775d9.html");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";

bver = portver(pkg:"bugzilla");
if(!isnull(bver) && revcomp(a:bver, b:"2")>0 && revcomp(a:bver, b:"2.22.1")<0) {
  txt += 'Package bugzilla version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"ja-bugzilla");
if(!isnull(bver) && revcomp(a:bver, b:"2")>0 && revcomp(a:bver, b:"2.22.1")<0) {
  txt += 'Package ja-bugzilla version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}