Closed
Bug 577139
(CVE-2010-2758)
Opened 10 years ago
Closed 10 years ago
[SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not
Categories
(Bugzilla :: Attachments & Requests, defect, minor)
Tracking
()
RESOLVED
FIXED
Bugzilla 3.2
People
(Reporter: LpSolit, Assigned: LpSolit)
References
Details
(Whiteboard: [4.0/4.2 fixed by bug 519835])
Attachments
(2 files)
3.59 KB,
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
661 bytes,
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
Bugzilla::Product::check_product() throws an error if you pass a product name which doesn't exist, letting the user know whether it's a valid product name or not. This is going to be fixed in Bugzilla 4.2 as part of bug 519835.
Updated•10 years ago
|
Severity: normal → minor
![]() |
Assignee | |
Comment 1•10 years ago
|
||
duplicates.cgi is also vulnerable, at least in 3.2.
Summary: [SECURITY] request.cgi lets you know whether a product exists or not → [SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not
![]() |
Assignee | |
Comment 2•10 years ago
|
||
Here is the patch for 3.2. I didn't want to create a new constant as it's for branches only.
Assignee: attach-and-request → LpSolit
Status: NEW → ASSIGNED
Attachment #456194 -
Flags: review?(mkanat)
Comment 3•10 years ago
|
||
Comment on attachment 456194 [details] [diff] [review] patch for 3.2 and 3.4, v1 This looks right. For newer branches you should just be able to use check().
Attachment #456194 -
Flags: review?(mkanat) → review+
![]() |
Assignee | |
Comment 4•10 years ago
|
||
(In reply to comment #3) > For newer branches you should just be able to use check(). For 3.6, I think so. But 3.4 has no custom check() method (which is needed to override the error message).
Comment 5•10 years ago
|
||
(In reply to comment #4) > For 3.6, I think so. But 3.4 has no custom check() method (which is needed to > override the error message). Ah, okay.
![]() |
Assignee | |
Comment 6•10 years ago
|
||
Comment on attachment 456194 [details] [diff] [review] patch for 3.2 and 3.4, v1 The same patch applies and works for 3.2 and 3.4.
Attachment #456194 -
Attachment description: patch for 3.2, v1 → patch for 3.2 and 3.4, v1
![]() |
Assignee | |
Comment 7•10 years ago
|
||
It will be ready on time for the next releases.
Flags: blocking4.0+
Flags: blocking3.6.2+
Flags: blocking3.4.8+
Flags: blocking3.2.8+
Flags: approval3.4?
Flags: approval3.2?
![]() |
Assignee | |
Comment 8•10 years ago
|
||
I finally checked in bug 519835 in 4.0, so Bugzilla 3.7.3 doesn't need to be fixed in this bug. duplicates.cgi was already fixed since Bugzilla 3.6rc1 thanks to bug 514970. Both request.cgi and duplicates.cgi were affected since Bugzilla 2.17.1.
Flags: blocking4.0+
Whiteboard: [4.0/4.2 fixed by bug 519835]
Version: 3.7 → 2.17.1
![]() |
Assignee | |
Comment 9•10 years ago
|
||
Bugzilla 3.6 has a custom check() method in Product.pm, which throws the appropriate error. So we can use it here.
Attachment #456259 -
Flags: review?(mkanat)
Updated•10 years ago
|
Attachment #456259 -
Flags: review?(mkanat) → review+
Comment 10•10 years ago
|
||
Comment on attachment 456259 [details] [diff] [review] patch for 3.6, v1 Yeah, obviously correct. :-)
Updated•10 years ago
|
Flags: approval3.6?
Updated•10 years ago
|
Alias: CVE-2010-2758
![]() |
Assignee | |
Updated•10 years ago
|
Flags: approval3.6?
Flags: approval3.6+
Flags: approval3.4?
Flags: approval3.4+
Flags: approval3.2?
Flags: approval3.2+
![]() |
Assignee | |
Comment 11•10 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.6/ modified request.cgi Committed revision 7159. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.4/ modified duplicates.cgi modified request.cgi modified Bugzilla/Product.pm Committed revision 6773. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.2/ modified duplicates.cgi modified request.cgi modified Bugzilla/Product.pm Committed revision 6394.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•