Bugzilla social engineering Vulnerability

Bugzilla social engineering Vulnerability

Release date: 2014-10-09
Updated on: 2014-10-09

Affected Systems:
Bugzilla 4.5.1-4.5.5
Bugzilla 4.3.1-4.4.5
Bugzilla 4.1.1-4.2.10
Bugzilla 2.17.1-4.0.14
Unaffected system:
Bugzilla 4.5.6
Bugzilla 4.4.6
Bugzilla 4.2.11
Bugzilla 4.0.15
Description:
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, repairing, and disabling defects. It is widely used in open-source projects, such as Apache Software Foundation, Linux kernel, LibreOffice, OpenOffice, OpenSSH, Eclipse, KDE, GNOME, and various Linux releases.

Bugzilla has a social engineering vulnerability in implementation. The search results can be exported as CSV files and imported into the external spreadsheet software. The Field Values in special formats are interpreted as formulas, attackers can attack users' computers after execution.

<* Source: Check Point Software Technologies
Simon Green
Byron Jones
James Kettle
Netanel Rubin
Frederic Buclin
Matt Tyson
David Lawrence

Link: http://www.bugzilla.org/security/4.0.14/
*>

Suggestion:
Vendor patch:

Bugzilla
--------
For this reason, Bugzilla has released a Security Bulletin (4.0.14) and corresponding patches:
4.0.14: 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory
Link: http://www.bugzilla.org/security/4.0.14/

Patch download: http://www.bugzilla.org/download/

Reference: https://bugzilla.mozilla.org/show_bug.cgi? Id = 1054702

Release of all Bugzilla updates to fix important vulnerabilities

Install Bugzilla 4.2 On Fedora 16

Bugzilla Installation Process

Configure Bugzilla in Debian7 & Ubuntu 13.10

For details about Bugzilla, click here
For Bugzilla: click here

This article permanently updates the link address: