Bugzilla Randomization Bug Lets Remote Users Bypass Cross-Site Request Forgery Protections
|
|
SecurityTracker Alert ID: 1021671 |
|
SecurityTracker URL: http://securitytracker.com/id/1021671
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 4 2009
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.0.7, 3.2.1, 3.3.2
|
Description:
A vulnerability was reported in Bugzilla. A remote user can bypass the cross-site request forgery protection mechanism.
When running under mod_perl, the system generates random numbers using srand() at startup time. As a result, the cross-site request forgery (CSRF) tokens are identical.
On systems with the new attachment_base functionality, a remote user may be able to exploit this to view private attachments.
Max Kanat-Alexander reported this vulnerability.
|
Impact:
A remote user can bypass the cross-site request forgery protections.
|
Solution:
The vendor has issued a fix (3.0.8, 3.2.2, 3.3.3)
The vendor's advisory is available at:
http://www.bugzilla.org/security/3.0.7/
|
Vendor URL: www.bugzilla.org/security/3.0.7/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 4 Feb 2009 00:44:24 -0500
Subject: Bugzilla
|
http://www.bugzilla.org/security/3.0.7/
|
|
