Vulnerabilities > CVE-2010-2757 - Cryptographic Issues vulnerability in Mozilla Bugzilla
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-13072.NASL description - Thu Aug 19 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.8-1 - Update to 3.4.8 (#623426, #615331) - Only run checksetup if /etc/bugzilla/localconfig does not exist (#610210) - Add bugzilla-contrib to Requires (#610198) - Remove mod_perl from the requirements (#600924) - Fri Jun 25 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.7-1 - Update to 3.4.7 (CVE-2010-1204) - Mon Feb 1 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.5-1 - Update to 3.4.5 (CVE-2009-3989, CVE-2009-3387) - Remove bugzilla-EL5-perl-versions.patch which is EPEL-specific - Thu Nov 19 2009 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.4-1 - Update to 3.4.4 (CVE-2009-3386) - Wed Nov 11 2009 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.3-1 - Update to 3.4.3 (fixes memory leak issues) - Add perl(Digest::SHA) in the Requires - Specify Perl module versions in the Requires (fixes #524309) - Add an alias to make $webdotdir a working path (fixes #458848) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48913 published 2010-08-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48913 title Fedora 12 : bugzilla-3.4.8-1.fc12 (2010-13072) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-13072. # include("compat.inc"); if (description) { script_id(48913); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2756", "CVE-2010-2757", "CVE-2010-2758", "CVE-2010-2759"); script_bugtraq_id(42275); script_xref(name:"FEDORA", value:"2010-13072"); script_name(english:"Fedora 12 : bugzilla-3.4.8-1.fc12 (2010-13072)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Aug 19 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.8-1 - Update to 3.4.8 (#623426, #615331) - Only run checksetup if /etc/bugzilla/localconfig does not exist (#610210) - Add bugzilla-contrib to Requires (#610198) - Remove mod_perl from the requirements (#600924) - Fri Jun 25 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.7-1 - Update to 3.4.7 (CVE-2010-1204) - Mon Feb 1 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.5-1 - Update to 3.4.5 (CVE-2009-3989, CVE-2009-3387) - Remove bugzilla-EL5-perl-versions.patch which is EPEL-specific - Thu Nov 19 2009 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.4-1 - Update to 3.4.4 (CVE-2009-3386) - Wed Nov 11 2009 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.3-1 - Update to 3.4.3 (fixes memory leak issues) - Add perl(Digest::SHA) in the Requires - Specify Perl module versions in the Requires (fixes #524309) - Add an alias to make $webdotdir a working path (fixes #458848) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=623423" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?48035cf2" ); script_set_attribute( attribute:"solution", value:"Update the affected bugzilla package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bugzilla"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"bugzilla-3.4.8-1.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bugzilla"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-13171.NASL description - Bug #623423 - CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48897 published 2010-08-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48897 title Fedora 14 : bugzilla-3.6.2-1.fc14 (2010-13171) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8CBF4D65AF9A11DF89B800151735203A.NASL description A Bugzilla Security Advisory reports : - Remote Information Disclosure : An unprivileged user is normally not allowed to view other users last seen 2020-06-01 modified 2020-06-02 plugin id 48427 published 2010-08-25 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48427 title FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a) NASL family Fedora Local Security Checks NASL id FEDORA_2010-13086.NASL description - Thu Aug 19 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.8-2 - Bump to correct changelog version - Wed Aug 18 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.8-1 - Update to 3.4.8 (#623426, #615331) - Only run checksetup if /etc/bugzilla/localconfig does not exist (#610210) - Add bugzilla-contrib to Requires (#610198) - Wed Jun 30 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.7-2 - Remove mod_perl from the requirements (#600924) - Fri Jun 25 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.4.7-1 - Update to 3.4.7 (CVE-2010-1204) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48914 published 2010-08-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48914 title Fedora 13 : bugzilla-3.4.8-2.fc13 (2010-13086)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
- http://secunia.com/advisories/40892
- http://secunia.com/advisories/41128
- http://www.bugzilla.org/security/3.2.7/
- http://www.securityfocus.com/bid/42275
- http://www.vupen.com/english/advisories/2010/2035
- http://www.vupen.com/english/advisories/2010/2205
- https://bugzilla.mozilla.org/show_bug.cgi?id=450013
- https://bugzilla.redhat.com/show_bug.cgi?id=623423