CVE-2010-0180

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when usesuexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the sitewidesecret field...

FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory. VID f1331504-8849-11df-89b8-00151735203a OpenVAS Vulnerability Test $ Description: Auto generated from VID f1331504-8849-11df-89b8-00151735203a Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

CVE-2010-0180

Bugzilla localconfig information disclosure (CVE-2010-0180) affects Bugzilla 3.5.1–3.6.1 and 3.7.x when use_suexec is enabled. World-readable permissions on localconfig can allow local users to read sensitive fields (e.g., database password, site_wide_secret). Related CVEs (CVE-2010-2470) note si...

Mozilla Bugzilla localconfig文件信息泄露漏洞

BUGTRAQ ID: 41144 CVE ID: CVE-2010-0180 Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。 如果在localconfig文件中将$usesuexec设置为1，则localconfig文件的权限就会被设置为checksetup.pl完全可读，这允许所有拥有本地shell访问的用户都可以查看文件内容，包括数据库口令和用于防范CSRF的sitewidesecret变量。 Mozilla Bugzilla 3.x Mozilla Bugzilla 2.x 厂商补丁： Mozilla -------...