Lucene search
RootSSV:19880HistoryJun 28, 2010 - 12:00 a.m.
Mozilla Bugzilla localconfig文件信息泄露漏洞
2010-06-2800:00:00
Root
www.seebug.org
9
0.0004 Low
EPSS
Percentile
5.1%
BUGTRAQ ID: 41144
CVE ID: CVE-2010-0180
Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。
如果在localconfig文件中将$use_suexec设置为1,则localconfig文件的权限就会被设置为checksetup.pl完全可读,这允许所有拥有本地shell访问的用户都可以查看文件内容,包括数据库口令和用于防范CSRF的site_wide_secret变量。
Mozilla Bugzilla 3.x
Mozilla Bugzilla 2.x
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
prion
prion
Design/Logic Flaw
2010-06-28 17:30:00
Design/Logic Flaw
2010-06-28 17:30:00
openvas
openvas
Bugzilla 'localconfig' Information Disclosure Vulnerability
2010-07-16 00:00:00
Bugzilla 'localconfig' Information Disclosure Vulnerability
2010-07-16 00:00:00
FreeBSD Ports: bugzilla
2010-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2010-0180
2010-06-28 00:00:00
CVE-2010-2470
2010-06-28 00:00:00
cvelist
cvelist
CVE-2010-0180
2022-10-03 16:21:10
CVE-2010-2470
2022-10-03 16:21:08
nvd
nvd
CVE-2010-0180
2010-06-28 17:30:00
CVE-2010-2470
2010-06-28 17:30:01
cve
cve
CVE-2010-0180
2022-10-03 16:21:10
CVE-2010-2470
2022-10-03 16:21:08
freebsd
freebsd
bugzilla -- information disclosure
2010-06-24 00:00:00
nessus
nessus
FreeBSD : bugzilla -- information disclosure (f1331504-8849-11df-89b8-00151735203a)
2010-07-06 00:00:00
Bugzilla < 3.2.7 / 3.4.7 / 3.6.1 Multiple Vulnerabilities
2010-06-28 00:00:00
Bugzilla 'time-tracking' fields Information Disclosure
2010-06-30 00:00:00