CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=450013
http://www.bugzilla.org/security/3.2.7/
https://bugzilla.redhat.com/show_bug.cgi?id=623423
http://www.vupen.com/english/advisories/2010/2035	Vendor Advisory
http://secunia.com/advisories/40892	Vendor Advisory
http://www.securityfocus.com/bid/42275
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
http://www.vupen.com/english/advisories/2010/2205
http://secunia.com/advisories/41128
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.22.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.11:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.9:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0:rc1::::::
	cpe:2.3:a:mozilla:bugzilla:3.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22:rc1::::::
	cpe:2.3:a:mozilla:bugzilla:3.0.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.0:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.6.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.0:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.8:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.10:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.8:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.7.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.3.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.7.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.5.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.3.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.5.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.5.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.22:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.3.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.2.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.9:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.3.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.4.6:::::::*

Information

Published : 2010-08-16 08:14

Updated : 2010-09-07 22:48

NVD link : CVE-2010-2757

Mitre link : CVE-2010-2757

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

mozilla

bugzilla

6.5 /10