CVE-2002-0805
First published: Mon Aug 12 2002(Updated: )
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.16-rc1 | |
| Mozilla Bugzilla | =2.16 | |
| Mozilla Bugzilla | =2.14.1 | |
| Mozilla Bugzilla | =2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0805?
CVE-2002-0805 is rated as a high severity vulnerability due to its world-writable permissions that allow local users to modify files.
How do I fix CVE-2002-0805?
To fix CVE-2002-0805, upgrade Bugzilla to version 2.14.2 or 2.16rc2 or later.
What versions of Bugzilla are affected by CVE-2002-0805?
CVE-2002-0805 affects Bugzilla versions 2.14 and earlier, as well as 2.16 up to version 2.16rc1.
What risks are associated with CVE-2002-0805?
The risks associated with CVE-2002-0805 include potential unauthorized file modification and code execution by local users.
Is it safe to use Bugzilla 2.16rc1 or earlier?
No, using Bugzilla 2.16rc1 or earlier is not safe due to the security vulnerabilities present in those versions.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/remedy
- agent/tags
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.16-rc1
- version/mozilla bugzilla/2.16
- version/mozilla bugzilla/2.14.1
- version/mozilla bugzilla/2.14