PT-2005-5213 · Mozilla · Bugzilla

Javier Fernández-Sanguino Peña

Published

2005-12-28

Updated

2018-10-19

CVE-2005-4534

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.9 through 2.16.10

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by the shadow database feature (syncshadowdb).

Recommendations For Bugzilla versions 2.9 through 2.16.10, consider disabling the syncshadowdb feature until a patch is available to prevent exploitation. Restrict access to temporary files used by this feature to minimize the risk of arbitrary file overwrites.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4534

DSA-1208-1

Affected Products

Bugzilla

PT-2005-5213 · Mozilla · Bugzilla

CVE-2005-4534

Related Identifiers

Affected Products

References · 12