thr3ads.net - Secure testing team - [Secure-testing-team] Bug#611176: bugzilla: CVE-2010-4568 Account compromise vulnerability [Jan 2011]

If this information is useful, please help other people find it:
Share via:

Jonathan Wiltshire

2011-Jan-26 12:55 UTC

[Secure-testing-team] Bug#611176: bugzilla: CVE-2010-4568 Account compromise vulnerability

Package: bugzilla
Version: 3.0.4.1-2+lenny2
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: bugzilla
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.

CVE-2010-4568[0]:
| ** RESERVED **
| This candidate has been reserved by an organization or individual that
| will use it when announcing a new security problem.  When the
| candidate has been publicized, the details for this candidate will be
| provided.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
    http://security-tracker.debian.org/tracker/CVE-2010-4568

- -- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''testing''), (500, ''stable''), (1,
''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJNQBmsAAoJEFOUR53TUkxRgrAP/jL0yZw/L/rJNDukhVM+J4DT
3XJp1+PGnP7/kLf16tWz3TTiJnKEXBEp/mlZPdjgl6wvtaT7HAa0XxoGEEKvb9zg
o0pgdVnpLIh1Uod+vAlNKZgcISD/3Mdj1QRUxZCRRLeGz6C1drajMA9PZVGEYSd1
hcGXxcfFbOkOrNOsubXFgMgrr8lW7xlcVo5PEsFFuXpCK8CxEAaCP4F5IkKq9kA5
gbqZnW4yx4wuEAS/5KyN1FAz1yhAjhhiN1bD08didBmOM0d49GmP4mPDo7XqmW22
SI2AWHpYsVSdbnu5X7SWWWJTqw6FPSWTeAIDTRXkgO6LCnY6jz+EwltGmVNecRjv
5SerGEv3mdO9UCQ7rfdfHwQHhuMp78jkg+mqa94wIVjj9IqEslhZpLvOyhEKwuXm
9CCw83J7v/v76C90A8T3VZN64RX76Fxs/kGnbsyeiCsDTbVYEPKgUKbBd78AnuOI
5sncfwe6YxKuYvfKMz9LK5GSuk6pmL6K4B8kNVdDY5Xl38HFbw73Yg1GEqOmdqRi
xdMzfIdUgDKniiC6CDJs6sixCNf9H4EC/fKzzkacOJ6s3XqcSVJFBiPH4ZL7ypAp
TPtHIP54SiDKJqOqhP4HnyeCQLQ9BOKt6poTqtnjOz5zwveZCndIOI/YnQyYmaZQ
w+MYBc5b2s7d0FkFKTXS
=50Zi
-----END PGP SIGNATURE-----

Secure testing team - Jan 2011 - Bug#611176: bugzilla: CVE-2010-4568 Account compromise vulnerability

[Secure-testing-team] Bug#611176: bugzilla: CVE-2010-4568 Account compromise vulnerability