CVE Reference: CVE-2010-0180

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0180

Description:
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA40300

CONFIRM
  http://www.bugzilla.org/security/3.2.6/

BID
  41144


Return to the previous page.