SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

The remote host is affected by the vulnerability described in GLSA-201006-19 (Bugzilla: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in Bugzilla. Please review     the CVE identifiers referenced below for details.
  Impact :

    A remote attacker might be able to disclose local files, bug     information, passwords, and other data under certain circumstances.
    Furthermore, a remote attacker could conduct SQL injection, Cross-Site     Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via     various vectors.
  Workaround :

    There is no known workaround at this time.

Max Kanat-Alexander, Bradley Baetz, and Frederic Buclin discovered a SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands.

The oldstable distribution (etch) isn't affected by this problem.

A Bugzilla Security Advisory reports :

- It is possible to inject raw SQL into the Bugzilla database via the 'Bug.create' and 'Bug.search' WebService functions.

- When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changing his password.

The remote host is running Bugzilla, a bug-tracking software with a web interface.  The version of Bugzilla on the remote host is potentially affected by multiple flaws : 

  - A SQL injection vulnerability in the 'Bug.search' WebService function. (CVE-2009-3125)

  - A SQL injection vulnerability in the 'Bug.create WebService function. (CVE-2009-3165)

  - When a user reset their password and then logged in immediately afterward, their password would appear in the URL of their browser. (CVE-2009-3166)

ID	Name	Product	Family	Severity
46808	GLSA-201006-19 : Bugzilla: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
44778	Debian DSA-1913-1 : bugzilla - SQL injection vulnerability	Nessus	Debian Local Security Checks	high
41007	FreeBSD : bugzilla -- two SQL injections, sensitive data exposure (b9ec7fe3-a38a-11de-9c6b-003048818f40)	Nessus	FreeBSD Local Security Checks	high
5169	Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities	Nessus Network Monitor	CGI	high

Detections

Analytics

CVE-2009-3165

critical

Tenable Plugins

high

high

high

high