Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2002-1196
Last Modified 10 Sep 2008 03:14:02
Published 28 Oct 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1196

Summary

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.14
  • Mozilla Bugzilla 2.14.1
  • Mozilla Bugzilla 2.14.2
  • Mozilla Bugzilla 2.14.3
  • Mozilla Bugzilla 2.16


References

DEBIAN - DSA-173

XF - bugzilla-usebuggroups-permissions-leak(10233)

BUGTRAQ - 20021001 [BUGZILLA] Security Advisory

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12

BID - 5843


Last Updated: 27 May 2016 10:37:14