Vulnerabilities > CVE-2011-2977 - Multiple Security vulnerability in Bugzilla

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
mozilla
microsoft
nessus

Summary

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56445
    published2011-10-11
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56445
    titleGLSA-201110-03 : Bugzilla: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-03.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56445);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4569", "CVE-2010-4570", "CVE-2010-4572", "CVE-2011-0046", "CVE-2011-0048", "CVE-2011-2379", "CVE-2011-2380", "CVE-2011-2381", "CVE-2011-2976", "CVE-2011-2977", "CVE-2011-2978", "CVE-2011-2979");
      script_bugtraq_id(44618, 45145, 45982, 49042);
      script_xref(name:"GLSA", value:"201110-03");
    
      script_name(english:"GLSA-201110-03 : Bugzilla: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-03
    (Bugzilla: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Bugzilla. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could conduct cross-site scripting attacks, conduct
          script insertion and spoofing attacks, hijack the authentication of
          arbitrary users, inject arbitrary HTTP headers, obtain access to
          arbitrary accounts, disclose the existence of confidential groups and its
          names, or inject arbitrary e-mail headers.
        A local attacker could disclose the contents of temporarfy files for
          uploaded attachments.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Bugzilla users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since August 27, 2011. It is likely that your system is already
          no longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bugzilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-apps/bugzilla", unaffected:make_list("ge 3.6.6"), vulnerable:make_list("lt 3.6.6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Bugzilla");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DC8741B9C5D511E08A8E00151735203A.NASL
    descriptionA Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : - Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in
    last seen2020-06-01
    modified2020-06-02
    plugin id55847
    published2011-08-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55847
    titleFreeBSD : bugzilla -- multiple vulnerabilities (dc8741b9-c5d5-11e0-8a8e-00151735203a)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10426.NASL
    descriptionThe Bugzilla developers have discovered a number of security bugs in Bugzilla. These are CVE-2011-2379, CVE-2011-2380, CVE-2011-2979, CVE-2011-2381, CVE-2011-2978, CVE-2011-2977. This release fixes these bugs. See http://www.bugzilla.org/security/3.4.11/ for all known details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55910
    published2011-08-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55910
    titleFedora 15 : bugzilla-3.6.6-1.fc15 (2011-10426)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10399.NASL
    descriptionThe Bugzilla developers have discovered a number of security bugs in Bugzilla. These are CVE-2011-2379, CVE-2011-2380, CVE-2011-2979, CVE-2011-2381, CVE-2011-2978, CVE-2011-2977. This release fixes these bugs. See http://www.bugzilla.org/security/3.4.11/ for all known details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55945
    published2011-08-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55945
    titleFedora 16 : bugzilla-4.0.2-1.fc16 (2011-10399)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10413.NASL
    descriptionThe Bugzilla developers have discovered a number of security bugs in Bugzilla. These are CVE-2011-2379, CVE-2011-2380, CVE-2011-2979, CVE-2011-2381, CVE-2011-2978, CVE-2011-2977. This release fixes these bugs. See http://www.bugzilla.org/security/3.4.11/ for all known details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55909
    published2011-08-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55909
    titleFedora 14 : bugzilla-3.6.6-1.fc14 (2011-10413)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49042 CVE ID: CVE-2011-2977 Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。 Bugzilla在实现上存在多个安全漏洞,远程攻击者可利用这些漏洞获取敏感信息,执行脚本插入和欺骗攻击。 用于上传附件的临时文件没有在Windows上删除。对服务器有本地访问权限的用户可在通常情况下不允许从Bugzilla中查看附件时查看附件。 Mozilla Bugzilla 4.x Mozilla Bugzilla 3.x Mozilla Bugzilla 2.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/
idSSV:20818
last seen2017-11-19
modified2011-08-09
published2011-08-09
reporterRoot
titleMozilla Bugzilla越权访问漏洞(CVE-2011-2977)