----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is not
part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Bugzilla Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA33781

VERIFY ADVISORY:
http://secunia.com/advisories/33781/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Bugzilla 3.x
http://secunia.com/advisories/product/15437/

DESCRIPTION:
Some vulnerabilities and a security issue have been reported in
Bugzilla, which can be exploited by malicious users to conduct script
insertion attacks and by malicious people to potentially disclose
sensitive information or to conduct cross-site request forgery attacks.

1) A vulnerability is caused due to the application allowing users to
upload HTML or JavaScript attachments that can be viewed by other users
in their web browser. This can be exploited to insert arbitrary HTML
and script code, which is executed in a user's browser session in the
context of an affected site when the malicious attachment is viewed.

This vulnerability is reported in versions prior to 3.0.7, 3.2.1, and
3.3.2.

2) A vulnerability is caused due to the application allowing users to
perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to e.g.
submit changes via process_bug.cgi by enticing a logged-in user to
visit a malicious web page.

This vulnerability is reported in versions prior to 3.2.1 and 3.3.2.

3) A vulnerability is caused due to the application allowing users to
perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to perform
certain actions (e.g. update a user's preferences or delete saved
searches) by enticing a logged-in user to visit a malicious web page.

This vulnerability is reported in versions prior to 3.0.7, 3.2.1, and
3.3.2.

4) A security issue is caused due to the application calling srand() at
compile time, which leads to predictable tokens when using "mod_perl".
This can e.g. be exploited to bypass the cross-site request forgery
protection, or to disclose sensitive information when the
"attachment_base" functionality is used.

This vulnerability only affects versions 3.2.1, 3.0.7, and 3.3.2.

SOLUTION:
Update to version 3.2.2 or 3.3.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1 - 3) Frédéric Buclin, Stephen Lee, Jesse Ruderman, Terry Weissman,
Max Kanat-Alexander, Teemu Mannermaa, and the Mozilla Corporation
4) Philippe M. Chiasson, Dave Miller, Max Kanat-Alexander

ORIGINAL ADVISORY:
http://www.bugzilla.org/security/2.22.6/
http://www.bugzilla.org/security/3.0.7/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------
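The following Python is an added illustration of the failure mode behind item 4, not code from the advisory or from Bugzilla: a persistent server process seeds its PRNG once at load time (the compile-time srand() under mod_perl), every worker that is forked afterwards inherits that state, so each worker issues the same "random" token; the hardened variant draws each token from the OS CSPRNG at request time. The fork is modelled by copying the parent's PRNG state into each worker (a hypothetical harness, not a real mod_perl deployment).

```python
import random
import secrets

HEX = "0123456789abcdef"
TOKEN_LEN = 32  # hex characters per token


def token_from(rng):
    """Build a hex token from whatever PRNG state is handed in."""
    return "".join(rng.choice(HEX) for _ in range(TOKEN_LEN))


def tokens_seeded_at_load(workers, seed=None):
    """Flawed pattern: the PRNG is seeded exactly once when the module is
    loaded, as a compile-time srand() does under a persistent interpreter.
    Each forked worker starts from the inherited PRNG state, so the first
    token every worker hands out is identical and therefore predictable.
    Even a good seed (seed=None draws from OS entropy) does not help,
    because the problem is the shared state, not the seed quality."""
    parent = random.Random(seed)          # seeded once, at "compile time"
    inherited = parent.getstate()         # what a forked child begins with
    out = []
    for _ in range(workers):
        worker = random.Random()
        worker.setstate(inherited)        # models the fork copying state
        out.append(token_from(worker))
    return out


def tokens_per_request_csprng(workers):
    """Hardened pattern: each token comes from the OS CSPRNG at the time
    it is needed, so there is no process-wide PRNG state to inherit."""
    return [secrets.token_hex(TOKEN_LEN // 2) for _ in range(workers)]


def all_identical(tokens):
    """True when every worker produced the same token (the defect)."""
    return len(set(tokens)) == 1


if __name__ == "__main__":
    print("seeded at load :", tokens_seeded_at_load(3))
    print("per-request CSPRNG:", tokens_per_request_csprng(3))
```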