Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0012

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2003-0012
Last Modified 10 Sep 2008 08:05:22
Published 17 Jan 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0012

Summary

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.17

  • Mozilla Bugzilla 2.17.1


References

BUGTRAQ - 20030102 [BUGZILLA] Security Advisory - remote database password disclosure

XF - bugzilla-mining-world-writable(10971)

BID - 6502

REDHAT - RHSA-2003:012

DEBIAN - DSA-230


Last Updated: 27 May 2016 10:37:45