Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15
2015-10-26T00:00:00
ID SECURITYVULNS:DOC:32636 Type securityvulns Reporter Securityvulns Modified 2015-10-26T00:00:00
Description

Summary

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* Login names longer than 127 characters can be corrupted, which could
  lead to the creation of a user account with an unexpected email
  address.

All affected installations are encouraged to upgrade as soon as
possible.

Vulnerability Details

Class:       Unauthorized Account Creation
Versions:    Bugzilla 2.0 to 4.2.14, 4.3.1 to 4.4.9, 4.5.1 to 5.0
Fixed In:    4.2.15, 4.4.10, 5.0.1
Description: Login names (usually an email address) longer than 127
             characters are silently truncated in MySQL which could
             cause the domain name of the email address to be
             corrupted. An attacker could use this vulnerability to
             create an account with an email address different from the
             one originally requested. The login name could then be
             automatically added to groups based on the group's regular
             expression setting.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1202447
CVE Number:  CVE-2015-4499
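
The failure mode in the Description above, modelled as an added example in Python (not Bugzilla's own code): a store that silently keeps the first 127 characters, beside a check that rejects over-long logins, plus an audit pass over stored logins. The 127-character limit comes from the advisory; the function names, the `staff` group, its regular expression and the `corp.example` / `untrusted.invalid` addresses are constructed for illustration.

```python
import re

# Limit stated in the advisory: logins longer than this were silently truncated.
MAX_LOGIN_LENGTH = 127


class LoginTooLong(ValueError):
    """Raised instead of letting the storage layer shorten the value."""


def store_without_check(login, limit=MAX_LOGIN_LENGTH):
    """Model of the flawed path: only the first `limit` characters are kept
    and no error is reported to the caller."""
    return login[:limit]


def validate_login(login, limit=MAX_LOGIN_LENGTH):
    """Hardened path: refuse any login that would not be stored intact."""
    if len(login) > limit:
        raise LoginTooLong(
            "login is %d characters, limit is %d" % (len(login), limit)
        )
    return login


def groups_for(login, group_regexes):
    """Names of the groups whose regular expression matches the login."""
    return sorted(
        name
        for name, pattern in group_regexes.items()
        if re.search(pattern, login, flags=re.IGNORECASE)
    )


def audit_accounts(stored_logins, group_regexes, limit=MAX_LOGIN_LENGTH):
    """Heuristic review list: stored logins that sit exactly at the limit
    (so may have been shortened on insert) and that also receive
    regex-based group membership."""
    findings = []
    for login in stored_logins:
        groups = groups_for(login, group_regexes)
        if len(login) >= limit and groups:
            findings.append((login, groups))
    return findings


# --- constructed sample data ---
GROUPS = {"staff": r"@corp\.example$"}           # hypothetical group regex
SUFFIX_KEPT = "@corp.example"                    # what survives truncation
LOCAL_PART = "a" * (MAX_LOGIN_LENGTH - len(SUFFIX_KEPT))
REQUESTED = LOCAL_PART + SUFFIX_KEPT + ".untrusted.invalid"  # 145 characters


if __name__ == "__main__":
    stored = store_without_check(REQUESTED)
    print("requested domain:", REQUESTED.split("@", 1)[1])
    print("stored domain:   ", stored.split("@", 1)[1])
    print("groups (requested):", groups_for(REQUESTED, GROUPS))
    print("groups (stored):   ", groups_for(stored, GROUPS))
    try:
        validate_login(REQUESTED)
    except LoginTooLong as exc:
        print("validate_login rejected it:", exc)
    print("audit findings:", len(audit_accounts([stored, "dev@corp.example"], GROUPS)))
```

On an installation that cannot be upgraded at once, the audit pass is the part to adapt: any account whose login is exactly at the limit and holds regex-granted groups deserves a manual look.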

Vulnerability Solutions

The fix for this issue is included in the 4.2.15, 4.4.10 and 5.0.1
releases. Upgrading to a release with the relevant fix will
protect your installation from possible exploits of this issue.

If you are unable to upgrade but would like to patch just the security
vulnerability, there are patches available for the issue at the
"References" URL.

Full release downloads, patches to upgrade Bugzilla from previous
versions, and git upgrade instructions are available at:

  https://www.bugzilla.org/download/

Credits

The Bugzilla team wish to thank the following people for their
assistance in locating, advising us of, and assisting us to fix these
issues:

Byron Jones
Frederic Buclin
Netanel Rubin

General information about the Bugzilla bug-tracking system can be found
at:

  https://www.bugzilla.org/

Comments and follow-ups can be directed to the mozilla.support.bugzilla
newsgroup or the support-bugzilla mailing list.
https://www.bugzilla.org/support/ has directions for accessing these
forums.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85925);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-4499\");\n\n script_name(english:\"FreeBSD : Bugzilla security issues (ea893f06-5a92-11e5-98c0-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bugzilla Security Advisory\n\nLogin names (usually an email address) longer than 127 characters are\nsilently truncated in MySQL which could cause the domain name of the\nemail address to be corrupted. An attacker could use this\nvulnerability to create an account with an email address different\nfrom the one originally requested. 
The login name could then be\nautomatically added to groups based on the group's regular expression\nsetting.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1202447\"\n );\n # https://vuxml.freebsd.org/freebsd/ea893f06-5a92-11e5-98c0-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?751aba49\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bugzilla44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bugzilla50\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bugzilla44<4.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bugzilla50<5.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:38", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-4499 A security problem was found in\nsupported versions of Bugzilla. Login names longer than 127 characters\ncan be corrupted, which could lead to the creation of a user account\nwith an unexpected email address. Bugzilla 4.4.10 fixes the issue for\nthe 4.4 branch of Bugzilla.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-29T00:00:00", "published": "2015-10-29T00:00:00", "id": "FEDORA_2015-15768.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86644", "title": "Fedora 21 : bugzilla-4.4.10-1.fc21 (2015-15768)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15768.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86644);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/10/29 13:44:40 $\");\n\n script_cve_id(\"CVE-2015-4499\");\n script_xref(name:\"FEDORA\", value:\"2015-15768\");\n\n script_name(english:\"Fedora 21 : bugzilla-4.4.10-1.fc21 (2015-15768)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-4499 A security problem was found in\nsupported versions of Bugzilla. Login names longer than 127 characters\ncan be corrupted, which could lead to the creation of a user account\nwith an unexpected email address. Bugzilla 4.4.10 fixes the issue for\nthe 4.4 branch of Bugzilla.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1262404\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169946.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c639b593\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bugzilla package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"bugzilla-4.4.10-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bugzilla\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:33", "bulletinFamily": "unix", "description": "\nBugzilla Security Advisory\n\nLogin names (usually an email address) longer than 127\n\t characters are silently truncated in MySQL which could\n\t cause the domain name of the email address to be\n\t corrupted. An attacker could use this vulnerability to\n\t create an account with an email address different from the\n\t one originally requested. 
The login name could then be\n\t automatically added to groups based on the group's regular\n\t expression setting.\n\n", "modified": "2015-09-10T00:00:00", "published": "2015-09-10T00:00:00", "id": "EA893F06-5A92-11E5-98C0-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/ea893f06-5a92-11e5-98c0-20cf30e32f6d.html", "title": "Bugzilla security issues", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T09:18:11", "bulletinFamily": "info", "description": "[](<https://1.bp.blogspot.com/-jgs_4Xt9Upo/VfvYYYXHOVI/AAAAAAAABIk/G9rNJiiIRiY/s1600/bugzilla-zero-day-hacking.png>)\n\nA Critical vulnerability discovered in Mozilla's popular **Bugzilla bug-tracking software**, used by hundreds of thousands of prominent software organizations, could potentially expose details of their non-public security vulnerabilities to the Hackers.\n\n \n\n\nSo it\u2019s time for developers and organizations that use Bugzilla open source bug tracking system to upgrade to the latest patched versions \u2013 namely _5.0.1, 4.4.10, or 4.2.15_.\n\n \n\n\nBugzilla is a vulnerability database used by Mozilla as well as many open-source projects and private organizations. 
Besides patched flaws, these databases also contain sensitive information related to unpatched vulnerabilities reported to organizations.\n\n \n\n\nUnfortunately, the researchers at security firm [PerimeterX](<https://blog.perimeterx.com/bugzilla-cve-2015-4499/>) have discovered a vulnerability (**_[CVE-2015-4499](<https://www.bugzilla.org/security/4.2.14/>)_**) in Bugzilla's email-based permissions process that allowed them to gain high-level permissions on Bugzilla.\n\n \n\n\nAs a result, it is potentially possible for an attacker to easily access unpatched bugs in your database, which could then be exploited to attack affected pieces of software on people's computers before security patches are released.\n\n \n\n\nSo, anyone who uses Bugzilla and its email-based permissions is affected, including popular free software projects such as Apache Project, LibreOffice and Red Hat.\n\n \n\n\n### Incredibly Easy to Exploit\n\n \n\n\nAccording to the researchers, the vulnerability is \"_incredibly easy to exploit._\" To exploit the vulnerability, all an attacker needs is to register for a regular account via email and trick the system into believing that the attacker is part of a privileged domain.\n\n \n\n\nThis leads the system to believe that the attacker is part of a privileged domain and to grant domain-specific permissions.\n\n> **_\"The implications of this vulnerability are severe,\" _**PerimeterX's security researcher Netanel Rubin wrote in a blog post. _\"It could allow an attacker to access undisclosed security vulnerabilities in hundreds of products\u2026 Imagine the hundreds or thousands of zero-days and other security vulnerabilities that could potentially be exposed.\" _\n\nRubin said the flaw was tested on Mozilla's Bugzilla.mozilla.org and found that all Perl-based Bugzilla versions, including 2.0 to 4.2.14, 4.3.1 to 4.4.9, 4.5.1 to 5.0, were vulnerable at the time of the report. 
\n \nIt's not clear whether the **_Bugzilla vulnerability_** has been used by malicious hackers to gain access to more unpatched vulnerabilities.\n", "modified": "2015-09-18T10:08:49", "published": "2015-09-17T22:26:00", "id": "THN:57844A6D84D9A0FA14AE59A2F80D2ED3", "href": "https://thehackernews.com/2015/09/bugzilla-zero-day-hacking.html", "type": "thn", "title": "New Bug in Bugzilla Software Could Expose Zero-Day Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\nSummary\r\n=======\r\n\r\nBugzilla is a Web-based bug-tracking system used by a large number of\r\nsoftware projects. The following security issue has been discovered\r\nin Bugzilla:\r\n\r\n* Login names longer than 127 characters can be corrupted, which could\r\n lead to the creation of a user account with an unexpected email\r\n address.\r\n\r\nAll affected installations are encouraged to upgrade as soon as\r\npossible.\r\n\r\n\r\nVulnerability Details\r\n=====================\r\n\r\nClass: Unauthorized Account Creation\r\nVersions: Bugzilla 2.0 to 4.2.14, 4.3.1 to 4.4.9, 4.5.1 to 5.0\r\nFixed In: 4.2.15, 4.4.10, 5.0.1\r\nDescription: Login names (usually an email address) longer than 127\r\n characters are silently truncated in MySQL which could\r\n cause the domain name of the email address to be\r\n corrupted. An attacker could use this vulnerability to\r\n create an account with an email address different from the\r\n one originally requested. The login name could then be\r\n automatically added to groups based on the group's regular\r\n expression setting.\r\nReferences: https://bugzilla.mozilla.org/show_bug.cgi?id=1202447\r\nCVE Number: CVE-2015-4499\r\n\r\n\r\nVulnerability Solutions\r\n=======================\r\n\r\nThe fix for this issue is included in the 4.2.15, 4.4.10 and 5.0.1\r\nreleases. 
Upgrading to a release with the relevant fix will\r\nprotect your installation from possible exploits of this issue.\r\n\r\nIf you are unable to upgrade but would like to patch just the security\r\nvulnerability, there are patches available for the issue at the\r\n"References" URL.\r\n\r\nFull release downloads, patches to upgrade Bugzilla from previous\r\nversions, and git upgrade instructions are available at:\r\n\r\n https://www.bugzilla.org/download/\r\n\r\n\r\nCredits\r\n=======\r\n\r\nThe Bugzilla team wish to thank the following people for their\r\nassistance in locating, advising us of, and assisting us to fix these\r\nissues:\r\n\r\nByron Jones\r\nFrederic Buclin\r\nNetanel Rubin\r\n\r\nGeneral information about the Bugzilla bug-tracking system can be found\r\nat:\r\n\r\n https://www.bugzilla.org/\r\n\r\nComments and follow-ups can be directed to the mozilla.support.bugzilla\r\nnewsgroup or the support-bugzilla mailing list.\r\nhttps://www.bugzilla.org/support/ has directions for accessing these\r\nforums.\r\n\r\n", "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:DOC:32635", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32635", "title": "Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": 
[{"lastseen": "2018-10-06T22:56:16", "bulletinFamily": "info", "description": "Developers and organizations that use the Bugzilla open source bug-tracking system should upgrade to current versions after the disclosure of details of a vulnerability in its email-based permissions process.\n\nThe flaw, CVE-2015-4499, was [patched](<https://www.bugzilla.org/security/4.2.14/>) last week in versions 4.2.15, 4.4.10 and 5.0.1 after it was reported Sept. 7 to Mozilla by researchers at security company PerimeterX.\n\nAn attacker could manipulate the system to elevate their privileges, putting any vulnerabilities tracked in a Bugzilla implementation at risk for exploit.\n\n\u201cUpon successful exploitation of the vulnerability we were granted permissions that would have potentially allowed us to view confidential data,\u201d wrote researcher Netanel Rubin today in a [post](<http://blog.perimeterx.com/bugzilla-cve-2015-4499>) to the company\u2019s website. Rubin said the vulnerability was tested on Mozilla\u2019s Bugzilla.mozilla.org. \u201cAll Perl-based Bugzilla versions at the time of the report were vulnerable (2.0 to 4.2.14, 4.3.1 to 4.4.9, 4.5.1 to 5.0),\u201d he said.\n\nThis is the second security story happening around Bugzilla in the last two weeks. On Sept. 4, Mozilla reported that an internal and [privileged Bugzilla user\u2019s account was compromised](<https://threatpost.com/attacker-compromised-mozilla-bug-system-stole-private-vulnerability-data/114552/>) using a password taken from a data breach on a separate site. Mozilla confirmed that the attacker likely had access to the privileged account for two years and was able to steal information about recently patched Firefox vulnerabilities that were publicly exploited before being fixed.\n\nThe issue uncovered by PerimeterX isn\u2019t as splashy, but could still put organizations using vulnerable Bugzilla instances at risk. 
PerimeterX, in fact, posted a recommendation to take vulnerable Bugzilla deployments offline until patched and to comb server logs for new accounts that could have been created using the vulnerability. Rubin called the vulnerability \u201cextremely easy to exploit.\u201d\n\nAdmins are able to configure a number of access levels and [group settings](<https://bugzilla.readthedocs.org/en/5.0/administering/groups.html#groups>) for users that restrict what information they can see in the tool; generally access privileges are based on a user\u2019s email address. Email addresses belonging to trusted organizations mean that the user is equally trusted in Bugzilla, Rubin said.\n\nAn attacker exploiting the now-patched vulnerability could create an account using an email from said trusted domain, even if they don\u2019t belong to that domain. They could do so because of a weakness in the registration process where an overly long number of characters in a login is improperly handled by the system. An attacker can take advantage of the weakness to append their true email address to an email trusted by Bugzilla. The system will send the validation link and token to the attacker\u2019s address instead because of the way it handles the extended login, giving the attacker legitimate access to the Bugzilla system.\n\n\u201cThe implications of this vulnerability are severe,\u201d Rubin wrote. \u201cIt could allow an attacker to access undisclosed security vulnerabilities in hundreds of products, in a manner similar to the [Mozilla major data leak in August](<https://threatpost.com/mozilla-patches-bug-used-in-active-attacks/114172/>) this year, only multiplied by the thousands of publicly available Bugzilla deployments. 
Imagine the hundreds or thousands of zero-days and other security vulnerabilities that could potentially be exposed.\u201d\n", "modified": "2015-09-23T16:18:58", "published": "2015-09-17T13:12:01", "id": "THREATPOST:08B4ABD7A410F1578FEC2912E0070CA2", "href": "https://threatpost.com/details-surface-on-patched-bugzilla-privilege-escalation-flaw/114713/", "type": "threatpost", "title": "Bugzilla Privilege Escalation Security Patch", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "description": "Login names (usually an email address) longer than 127 characters are\nsilently truncated in MySQL which could cause the domain name of the\nemail address to be corrupted. An attacker could use this vulnerability\nto create an account with an email address different from the one\noriginally requested. The login name could then be automatically added\nto groups based on the group's regular expression setting.\nThis vulnerability has been demonstrated by truncation of an\n@mozilla.com.example.com address to an @mozilla.com address that\nresulted in an unauthorized account creation with the default privileges\nof the mozilla group.", "modified": "2015-10-08T00:00:00", "published": "2015-10-08T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html", "id": "ASA-201510-4", "title": "bugzilla: unauthorized account creation", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}