CVE-2007-4539
Gentoo Linux Security Advisory 200709-18
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
La interfaz WebService (XML-RPC) en Bugzilla 2.23.3 hasta la 3.0.0 no hace cumplir los permisos para los campos time-tracking de los fallos (bugs), lo cual permite a atacantes remotos obtener información sensible a través de ciertas respuestas XML-RPC, como se demostró por los campos (1) Deadline y (2) Estimated Time.
Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the buildid parameter when filing bugs. The next two vulnerabilities only affect Bugzilla 2.23.3 or later, hence the stable Gentoo Portage tree does not contain these two vulnerabilities: Loic Minier reported that the Email::Send::Sendmail() function does not properly sanitize from email information before sending it to the -f parameter of /usr/sbin/sendmail, and Frederic Buclin discovered that the XML-RPC interface does not correctly check permissions in the time-tracking fields. Versions less than 3.0.1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-08-27 CVE Reserved
- 2007-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37202 | Vdb Entry | |
| http://secunia.com/advisories/26971 | Third Party Advisory | |
| http://www.bugzilla.org/security/2.20.4 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/477630/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018604 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2977 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=382056 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36244 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/25425 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26584 | 2018-10-15 |
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200709-18.xml | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.4 Search vendor "Mozilla" for product "Bugzilla" and version "2.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.6 Search vendor "Mozilla" for product "Bugzilla" and version "2.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.8 Search vendor "Mozilla" for product "Bugzilla" and version "2.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.9 Search vendor "Mozilla" for product "Bugzilla" and version "2.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.23.3 Search vendor "Mozilla" for product "Bugzilla" and version "2.23.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 2.23.4 Search vendor "Mozilla" for product "Bugzilla" and version "2.23.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 3.0.0 Search vendor "Mozilla" for product "Bugzilla" and version "3.0.0" | - |
Affected
| ||||||