Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

FreeBSD Ports: bugzilla

Information

Severity

Severity

Medium

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

Insight

The following package is affected: bugzilla CVE-2010-1204 Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a 'boolean chart search.' CVE-2010-0180 Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

Solution

Solution

Update your system with the appropriate patches or software upgrades. https://bugzilla.mozilla.org/show_bug.cgi?id=309952 https://bugzilla.mozilla.org/show_bug.cgi?id=561797 http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html

Common Vulnerabilities and Exposures (CVE)