SB2011080903 - Multiple vulnerabilities in Mozilla Bugzilla
Published: August 9, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2011-2380)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.
2) Code Injection (CVE-ID: CVE-2011-2381)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
3) Input validation error (CVE-ID: CVE-2011-2978)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation.
4) Input validation error (CVE-ID: CVE-2011-2979)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.
Remediation
Install update from vendor's website.
References
- http://secunia.com/advisories/45501
- http://www.bugzilla.org/security/3.4.11/
- http://www.debian.org/security/2011/dsa-2322
- http://www.osvdb.org/74298
- http://www.osvdb.org/74299
- http://www.securityfocus.com/bid/49042
- https://bugzilla.mozilla.org/show_bug.cgi?id=653477
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
- http://www.osvdb.org/74300
- https://bugzilla.mozilla.org/show_bug.cgi?id=657158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69035
- http://www.osvdb.org/74301
- https://bugzilla.mozilla.org/show_bug.cgi?id=670868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69036
- https://bugzilla.mozilla.org/show_bug.cgi?id=674497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69166