CVE-2010-2757
First published: Mon Aug 16 2010(Updated: )
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =3.0.4 | |
| Mozilla Bugzilla | =3.0-rc1 | |
| Mozilla Bugzilla | =3.1.3 | |
| Mozilla Bugzilla | =3.0.0 | |
| Mozilla Bugzilla | =2.22.7 | |
| Mozilla Bugzilla | =3.7.2 | |
| Mozilla Bugzilla | =3.4.3 | |
| Mozilla Bugzilla | =3.3.2 | |
| Mozilla Bugzilla | =3.0.1 | |
| Mozilla Bugzilla | =3.6.1 | |
| Mozilla Bugzilla | =3.2.6 | |
| Mozilla Bugzilla | =3.1.1 | |
| Mozilla Bugzilla | =3.7.1 | |
| Mozilla Bugzilla | =3.7 | |
| Mozilla Bugzilla | =3.4.2 | |
| Mozilla Bugzilla | =3.1.2 | |
| Mozilla Bugzilla | =3.5.3 | |
| Mozilla Bugzilla | =3.2.5 | |
| Mozilla Bugzilla | =3.3.4 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =3.6 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.23.2 | |
| Mozilla Bugzilla | =3.2.3 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.23.4 | |
| Mozilla Bugzilla | =3.5.2 | |
| Mozilla Bugzilla | =3.0 | |
| Mozilla Bugzilla | =3.5.1 | |
| Mozilla Bugzilla | =3.0.11 | |
| Mozilla Bugzilla | =3.0.6 | |
| Mozilla Bugzilla | =2.23.3 | |
| Mozilla Bugzilla | =3.0.7 | |
| Mozilla Bugzilla | =2.23.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =3.4.1 | |
| Mozilla Bugzilla | =3.4.4 | |
| Mozilla Bugzilla | =2.6 | |
| Mozilla Bugzilla | =3.4.7 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =3.1.0 | |
| Mozilla Bugzilla | =2.4 | |
| Mozilla Bugzilla | =3.0.3 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =3.0.9 | |
| Mozilla Bugzilla | =2.8 | |
| Mozilla Bugzilla | =3.2.4 | |
| Mozilla Bugzilla | =3.0.2 | |
| Mozilla Bugzilla | =3.3.3 | |
| Mozilla Bugzilla | =3.2.2 | |
| Mozilla Bugzilla | =3.0.10 | |
| Mozilla Bugzilla | =3.0.8 | |
| Mozilla Bugzilla | =2.23 | |
| Mozilla Bugzilla | =3.2.7 | |
| Mozilla Bugzilla | =2.9 | |
| Mozilla Bugzilla | =3.4.5 | |
| Mozilla Bugzilla | =3.0.5 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =3.3.1 | |
| Mozilla Bugzilla | =3.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=450013
- http://www.bugzilla.org/security/3.2.7/
- https://bugzilla.redhat.com/show_bug.cgi?id=623423
- http://www.vupen.com/english/advisories/2010/2035
- http://secunia.com/advisories/40892
- http://www.securityfocus.com/bid/42275
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
- http://www.vupen.com/english/advisories/2010/2205
- http://secunia.com/advisories/41128
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
Frequently Asked Questions
What is the severity of CVE-2010-2757?
CVE-2010-2757 is classified as a moderate severity vulnerability.
Who is affected by CVE-2010-2757?
CVE-2010-2757 affects versions of Bugzilla from 2.22rc1 through 3.7.2.
What types of attacks can exploit CVE-2010-2757?
CVE-2010-2757 can be exploited by remote authenticated users to impersonate other users.
How do I fix CVE-2010-2757?
To fix CVE-2010-2757, upgrade to a fixed version of Bugzilla that addresses this vulnerability.
What impact does CVE-2010-2757 have on user privacy?
CVE-2010-2757 can compromise user privacy by allowing unauthorized impersonation without notifications.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/3.0.4
- version/mozilla bugzilla/3.0-rc1
- version/mozilla bugzilla/3.1.3
- version/mozilla bugzilla/3.0.0
- version/mozilla bugzilla/2.22.7
- version/mozilla bugzilla/3.7.2
- version/mozilla bugzilla/3.4.3
- version/mozilla bugzilla/3.3.2
- version/mozilla bugzilla/3.0.1
- version/mozilla bugzilla/3.6.1
- version/mozilla bugzilla/3.2.6
- version/mozilla bugzilla/3.1.1
- version/mozilla bugzilla/3.7.1
- version/mozilla bugzilla/3.7
- version/mozilla bugzilla/3.4.2
- version/mozilla bugzilla/3.1.2
- version/mozilla bugzilla/3.5.3
- version/mozilla bugzilla/3.2.5
- version/mozilla bugzilla/3.3.4
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/3.6
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.23.2
- version/mozilla bugzilla/3.2.3
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.23.4
- version/mozilla bugzilla/3.5.2
- version/mozilla bugzilla/3.0
- version/mozilla bugzilla/3.5.1
- version/mozilla bugzilla/3.0.11
- version/mozilla bugzilla/3.0.6
- version/mozilla bugzilla/2.23.3
- version/mozilla bugzilla/3.0.7
- version/mozilla bugzilla/2.23.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/3.4.1
- version/mozilla bugzilla/3.4.4
- version/mozilla bugzilla/2.6
- version/mozilla bugzilla/3.4.7
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/3.1.0
- version/mozilla bugzilla/2.4
- version/mozilla bugzilla/3.0.3
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/3.0.9
- version/mozilla bugzilla/2.8
- version/mozilla bugzilla/3.2.4
- version/mozilla bugzilla/3.0.2
- version/mozilla bugzilla/3.3.3
- version/mozilla bugzilla/3.2.2
- version/mozilla bugzilla/3.0.10
- version/mozilla bugzilla/3.0.8
- version/mozilla bugzilla/2.23
- version/mozilla bugzilla/3.2.7
- version/mozilla bugzilla/2.9
- version/mozilla bugzilla/3.4.5
- version/mozilla bugzilla/3.0.5
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/3.3.1
- version/mozilla bugzilla/3.4.6