Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2105

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-2105
Last Modified 20 Sep 2011 10:54:08
Published 07 May 2008 04:20:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-2105

Summary

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.14.5

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16 Rc2

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.16.10

  • Mozilla Bugzilla 2.16.11

  • Mozilla Bugzilla 2.16.2

  • Mozilla Bugzilla 2.16.3

  • Mozilla Bugzilla 2.16.4

  • Mozilla Bugzilla 2.16.5

  • Mozilla Bugzilla 2.16.6

  • Mozilla Bugzilla 2.16.7

  • Mozilla Bugzilla 2.16.8

  • Mozilla Bugzilla 2.16.9

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.2

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.18.1

  • Mozilla Bugzilla 2.18.2

  • Mozilla Bugzilla 2.18.3

  • Mozilla Bugzilla 2.18.4

  • Mozilla Bugzilla 2.18.5

  • Mozilla Bugzilla 2.18.6

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.20.1

  • Mozilla Bugzilla 2.20.2

  • Mozilla Bugzilla 2.20.3

  • Mozilla Bugzilla 2.20.4

  • Mozilla Bugzilla 2.20.5

  • Mozilla Bugzilla 2.20.6

  • Mozilla Bugzilla 2.21.1

  • Mozilla Bugzilla 2.21.2

  • Mozilla Bugzilla 2.22

  • Mozilla Bugzilla 2.22.1

  • Mozilla Bugzilla 2.22.2

  • Mozilla Bugzilla 2.22.3

  • Mozilla Bugzilla 2.22.4

  • Mozilla Bugzilla 2.23

  • Mozilla Bugzilla 2.23.1

  • Mozilla Bugzilla 2.23.2

  • Mozilla Bugzilla 2.23.3

  • Mozilla Bugzilla 2.23.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8

  • Mozilla Bugzilla 3.0.0

  • Mozilla Bugzilla 3.0.1

  • Mozilla Bugzilla 3.0.2

  • Mozilla Bugzilla 3.1.0

  • Mozilla Bugzilla 3.1.1

  • Mozilla Bugzilla 3.1.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=419188

FEDORA - FEDORA-2008-3488

FEDORA - FEDORA-2008-3442

XF - bugzilla-emailin-security-bypass(42235)

VUPEN - ADV-2008-1428

SECTRACK - 1019969

BID - 29038

CONFIRM - http://www.bugzilla.org/security/2.20.5/

SECUNIA - 30167

SECUNIA - 30064


Last Updated: 27 May 2016 10:47:46