Bugzilla globals.pl Symlink Arbitrary File Overwrite

2003-03-12T18:20:00
ID OSVDB:6383
Type osvdb
Reporter Jonathan Schatz(jon@vmware.com)
Modified 2003-03-12T18:20:00

Description

Vulnerability Description

Bugzilla contains a flaw that may allow a malicious user to overwrite arbitrary files. The problem is that the program creates temporary files in directories with insecure permissions and does not verify that the filename is not already in use. A malicious user may be able to plant a symlink at the temporary filename used by the globals.pl script, so that the script overwrites an arbitrary file, resulting in a loss of integrity or availability.

Solution Description

Upgrade to version 2.16.3 (stable release) or 2.17.4 (development release) or higher; these releases have been reported to fix this vulnerability. No workarounds are known, so an upgrade is required.
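The flaw class described above, shown as an added example that is not Bugzilla's own code: a writer that opens a fixed temporary name without checking that it is unused follows a planted symlink, while a writer that uses O_CREAT|O_EXCL (plus O_NOFOLLOW) refuses it, and tempfile.mkstemp avoids the predictable name entirely. The directory, filenames and file contents are constructed for the demonstration.

```python
import os
import tempfile

# Vulnerable pattern (constructed illustration of the flaw class): a fixed,
# predictable name is opened for writing with no check that it is unused, so a
# symlink planted at that name redirects the write to whatever it points at.
def write_temp_unsafely(path: str, data: bytes) -> None:
    with open(path, "wb") as f:          # follows symlinks, truncates target
        f.write(data)

# Hardened pattern: O_CREAT|O_EXCL makes the kernel refuse if anything already
# exists at the name (a symlink included, even a dangling one), O_NOFOLLOW
# refuses to traverse a symlink, and mode 0o600 keeps the file private.
def write_temp_safely(path: str, data: bytes) -> None:
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)     # FileExistsError on a planted link
    with os.fdopen(fd, "wb") as f:
        f.write(data)

# Preferred form: let the library pick an unpredictable name, created O_EXCL.
def make_temp_safely(directory: str, data: bytes) -> str:
    fd, path = tempfile.mkstemp(dir=directory, prefix="bz-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def demo() -> dict:
    # Shared directory stands in for a world-writable temp directory.
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.txt")   # any file the writer can modify
        with open(victim, "wb") as f:
            f.write(b"original")
        planted = os.path.join(shared, "data.tmp")    # the predictable temp name
        os.symlink(victim, planted)                   # pre-existing link at that name

        write_temp_unsafely(planted, b"clobbered")
        with open(victim, "rb") as f:
            after_unsafe = f.read()                   # victim was overwritten

        with open(victim, "wb") as f:                 # restore before second run
            f.write(b"original")
        try:
            write_temp_safely(planted, b"clobbered")
            refused = False
        except FileExistsError:
            refused = True                            # hardened open rejected the link
        with open(victim, "rb") as f:
            after_safe = f.read()

        fresh = make_temp_safely(shared, b"payload")
        fresh_ok = os.path.isfile(fresh) and not os.path.islink(fresh)
    return {"after_unsafe": after_unsafe, "safe_refused": refused,
            "after_safe": after_safe, "mkstemp_ok": fresh_ok}
```

The same check applies in Perl (sysopen with O_CREAT|O_EXCL, or File::Temp), which is what a fix in a Perl code base such as Bugzilla would use.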

References:

Vendor URL: http://www.bugzilla.org/
Related OSVDB IDs: 6348, 6384, 6385
Nessus Plugin ID: 11553
ISS X-Force ID: 11867
CVE: CVE-2003-0603
Bugtraq ID: 7412