First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 239564
Alias:
Product:
Component:
Status: ASSIGNED
Resolution:
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Craig (Security Padawan) <craig@haquarter.de>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 239564 depends on: Show dependency tree
Bug 239564 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-10-04 16:51 0000 
CVE-2008-4437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4437):
  Directory traversal vulnerability in importxml.pl in Bugzilla before
  2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows
  remote attackers to read arbitrary files via an XML file with a ..
  (dot dot) in the data element.

------- Comment #1 From Azamat H. Hackimov 2008-10-05 12:00:36 0000 ------- 
See #237842

------- Comment #2 From Craig (Security Padawan) 2008-10-05 12:15:24 0000 ------- 
I missed your bug, because it was not filed in the "Gentoo Security" product.
Security will watch over this one, please mark your bug as duplicate (I don't
have the rights to do that).

------- Comment #3 From Robert Buchholz 2008-10-05 12:30:59 0000 ------- 
*** Bug 237842 has been marked as a duplicate of this bug. ***

------- Comment #4 From Gunnar Wrobel 2008-10-11 19:44:47 0000 ------- 
Added bugzilla-2.22.5, -3.0.5.

Targets:

bugzilla-2.22.5: amd64 ia64 ppc ppc64 sparc x86

bugzilla-3.0.5:  alpha amd64 ia64 ppc ppc64 sparc x86

------- Comment #5 From Markus Meier 2008-10-12 15:13:24 0000 ------- 
amd64/x86 stable

------- Comment #6 From Friedrich Oslage 2008-10-12 15:35:40 0000 ------- 
sparc stable

------- Comment #7 From Raúl Porcel 2008-10-13 09:28:14 0000 ------- 
alpha/ia64 stable

------- Comment #8 From Markus Rothe 2008-10-14 08:19:23 0000 ------- 
ppc/ppc64 stable

------- Comment #9 From Tobias Heinlein 2008-10-16 18:50:13 0000 ------- 
Ready for vote, I vote YES.

------- Comment #10 From Oleg Kravchenko 2008-10-17 08:13:07 0000 ------- 
www-apps/bugzilla-3.0.5

Create file reports with invalid mask :(

-rw------- 1 oleg oleg 6,7K Окт 16 13:13
-All-_NEW_ASSIGNED_REOPENED_UNCONFIRMED_RESOLVED_VERIFIED_CLOSED_FIXED_INVALID_WONTFIX_DUPLICATE_WORKSFORME_MOVED.png

------- Comment #11 From Gunnar Wrobel 2008-10-30 15:10:59 0000 ------- 
Removed vulnerable versions. webapps done.

@oleg: Sorry, I don't understand the comment you made. If this is a relevant
bug report please open another issue and assign it to webapps.

------- Comment #12 From Oleg Kravchenko 2008-11-04 07:59:02 0000 ------- 
(In reply to comment #11)
> Removed vulnerable versions. webapps done.
> 
> @oleg: Sorry, I don't understand the comment you made. If this is a relevant
> bug report please open another issue and assign it to webapps.
> 

Okey ;) I am try to comment:

When I try view graphic report in bugzilla, no image see.
But image report is exist with invalid access mode:
-rw------- 1 oleg oleg 6,7K Окт 16 13:13
-All-_NEW_ASSIGNED_REOPENED_UNCONFIRMED_RESOLVED_VERIFIED_CLOSED_FIXED_INVALID_WONTFIX_DUPLICATE_WORKSFORME_MOVED.png

------- Comment #13 From Raphael Marichez 2009-01-11 17:44:14 0000 ------- 
@Oleg: please file a new bug in case of an applicative bug independent from the
current security bug.

I vote yes too. Filling GLSA request.

I re-rate the bug to B4. I consider that this directory traversal vulnerability
only implies information leak.

------- Comment #14 From Craig (Security Padawan) 2009-01-11 18:16:21 0000 ------- 
But B4 does not require a GLSA.

------- Comment #15 From Robert Buchholz 2009-03-23 16:51:02 0000 ------- 
rerating b3
First Last Prev Next    No search results available      Search page      Enter new bug