CVE-2010-2757
First published: Mon Aug 16 2010(Updated: )
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =3.0.4 | |
| Mozilla Bugzilla | =3.0-rc1 | |
| Mozilla Bugzilla | =3.1.3 | |
| Mozilla Bugzilla | =3.0.0 | |
| Mozilla Bugzilla | =2.22.7 | |
| Mozilla Bugzilla | =3.7.2 | |
| Mozilla Bugzilla | =3.4.3 | |
| Mozilla Bugzilla | =3.3.2 | |
| Mozilla Bugzilla | =3.0.1 | |
| Mozilla Bugzilla | =3.6.1 | |
| Mozilla Bugzilla | =3.2.6 | |
| Mozilla Bugzilla | =3.1.1 | |
| Mozilla Bugzilla | =3.7.1 | |
| Mozilla Bugzilla | =3.7 | |
| Mozilla Bugzilla | =3.4.2 | |
| Mozilla Bugzilla | =3.1.2 | |
| Mozilla Bugzilla | =3.5.3 | |
| Mozilla Bugzilla | =3.2.5 | |
| Mozilla Bugzilla | =3.3.4 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =3.6 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.23.2 | |
| Mozilla Bugzilla | =3.2.3 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.23.4 | |
| Mozilla Bugzilla | =3.5.2 | |
| Mozilla Bugzilla | =3.0 | |
| Mozilla Bugzilla | =3.5.1 | |
| Mozilla Bugzilla | =3.0.11 | |
| Mozilla Bugzilla | =3.0.6 | |
| Mozilla Bugzilla | =2.23.3 | |
| Mozilla Bugzilla | =3.0.7 | |
| Mozilla Bugzilla | =2.23.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =3.4.1 | |
| Mozilla Bugzilla | =3.4.4 | |
| Mozilla Bugzilla | =2.6 | |
| Mozilla Bugzilla | =3.4.7 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =3.1.0 | |
| Mozilla Bugzilla | =2.4 | |
| Mozilla Bugzilla | =3.0.3 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =3.0.9 | |
| Mozilla Bugzilla | =2.8 | |
| Mozilla Bugzilla | =3.2.4 | |
| Mozilla Bugzilla | =3.0.2 | |
| Mozilla Bugzilla | =3.3.3 | |
| Mozilla Bugzilla | =3.2.2 | |
| Mozilla Bugzilla | =3.0.10 | |
| Mozilla Bugzilla | =3.0.8 | |
| Mozilla Bugzilla | =2.23 | |
| Mozilla Bugzilla | =3.2.7 | |
| Mozilla Bugzilla | =2.9 | |
| Mozilla Bugzilla | =3.4.5 | |
| Mozilla Bugzilla | =3.0.5 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =3.3.1 | |
| Mozilla Bugzilla | =3.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=450013
- http://www.bugzilla.org/security/3.2.7/
- https://bugzilla.redhat.com/show_bug.cgi?id=623423
- http://www.vupen.com/english/advisories/2010/2035
- http://secunia.com/advisories/40892
- http://www.securityfocus.com/bid/42275
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
- http://www.vupen.com/english/advisories/2010/2205
- http://secunia.com/advisories/41128
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/3.0.4
- version/mozilla bugzilla/3.0-rc1
- version/mozilla bugzilla/3.1.3
- version/mozilla bugzilla/3.0.0
- version/mozilla bugzilla/2.22.7
- version/mozilla bugzilla/3.7.2
- version/mozilla bugzilla/3.4.3
- version/mozilla bugzilla/3.3.2
- version/mozilla bugzilla/3.0.1
- version/mozilla bugzilla/3.6.1
- version/mozilla bugzilla/3.2.6
- version/mozilla bugzilla/3.1.1
- version/mozilla bugzilla/3.7.1
- version/mozilla bugzilla/3.7
- version/mozilla bugzilla/3.4.2
- version/mozilla bugzilla/3.1.2
- version/mozilla bugzilla/3.5.3
- version/mozilla bugzilla/3.2.5
- version/mozilla bugzilla/3.3.4
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/3.6
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.23.2
- version/mozilla bugzilla/3.2.3
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.23.4
- version/mozilla bugzilla/3.5.2
- version/mozilla bugzilla/3.0
- version/mozilla bugzilla/3.5.1
- version/mozilla bugzilla/3.0.11
- version/mozilla bugzilla/3.0.6
- version/mozilla bugzilla/2.23.3
- version/mozilla bugzilla/3.0.7
- version/mozilla bugzilla/2.23.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/3.4.1
- version/mozilla bugzilla/3.4.4
- version/mozilla bugzilla/2.6
- version/mozilla bugzilla/3.4.7
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/3.1.0
- version/mozilla bugzilla/2.4
- version/mozilla bugzilla/3.0.3
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/3.0.9
- version/mozilla bugzilla/2.8
- version/mozilla bugzilla/3.2.4
- version/mozilla bugzilla/3.0.2
- version/mozilla bugzilla/3.3.3
- version/mozilla bugzilla/3.2.2
- version/mozilla bugzilla/3.0.10
- version/mozilla bugzilla/3.0.8
- version/mozilla bugzilla/2.23
- version/mozilla bugzilla/3.2.7
- version/mozilla bugzilla/2.9
- version/mozilla bugzilla/3.4.5
- version/mozilla bugzilla/3.0.5
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/3.3.1
- version/mozilla bugzilla/3.4.6