• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability

Bugtraq ID:	25725
Class:	Access Validation Error
CVE:	CVE-2007-5038
Remote:	Yes
Local:	No
Published:	Sep 19 2007 12:00AM
Updated:	Sep 26 2007 03:39PM
Credit:	The vendor credits Sascha Jensen, Frédéric Buclin, Max Kanat-Alexander, and Marc Schumann with the discovery of this issue.
Vulnerable:	RedHat Fedora Core7 0 Mozilla Bugzilla 3.1.1 Mozilla Bugzilla 3.1 Mozilla Bugzilla 3.0.1 Mozilla Bugzilla 3.0 Mozilla Bugzilla 2.23.4 Mozilla Bugzilla 2.23.3 Mozilla Bugzilla 2.23.2 Mozilla Bugzilla 2.22.3 Mozilla Bugzilla 2.22.2 Mozilla Bugzilla 2.22.1 Mozilla Bugzilla 2.21.2 Mozilla Bugzilla 2.21.1 Mozilla Bugzilla 2.21 Mozilla Bugzilla 2.20.5 Mozilla Bugzilla 2.20.4 Mozilla Bugzilla 2.20.3 Mozilla Bugzilla 2.20.2 Mozilla Bugzilla 2.20.1 Mozilla Bugzilla 2.20 rc2 Mozilla Bugzilla 2.20 rc1 Mozilla Bugzilla 2.19.3 Mozilla Bugzilla 2.19.2 Mozilla Bugzilla 2.19.1 Mozilla Bugzilla 2.19 Mozilla Bugzilla 2.18.6 Mozilla Bugzilla 2.18.5 Mozilla Bugzilla 2.18.4 Mozilla Bugzilla 2.18.3 Mozilla Bugzilla 2.18.2 Mozilla Bugzilla 2.18.1 Mozilla Bugzilla 2.18 rc3 Mozilla Bugzilla 2.18 rc2 Mozilla Bugzilla 2.18 rc1 Mozilla Bugzilla 2.17.7 Mozilla Bugzilla 2.17.6 Mozilla Bugzilla 2.17.5 Mozilla Bugzilla 2.17.4 Mozilla Bugzilla 2.17.3 Mozilla Bugzilla 2.17.1 Mozilla Bugzilla 2.17 Mozilla Bugzilla 2.16.11 Mozilla Bugzilla 2.16.10 Mozilla Bugzilla 2.16.9 Mozilla Bugzilla 2.16.8 Mozilla Bugzilla 2.16.7 + Conectiva Linux 10.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 Mozilla Bugzilla 2.16.6 Mozilla Bugzilla 2.16.5 Mozilla Bugzilla 2.16.4 Mozilla Bugzilla 2.16.3 Mozilla Bugzilla 2.16.2 + Conectiva Linux 9.0 + Conectiva Linux 9.0 Mozilla Bugzilla 2.16.1 Mozilla Bugzilla 2.16 .10 Mozilla Bugzilla 2.16 - MandrakeSoft Linux Mandrake 9.0 - MandrakeSoft Linux Mandrake 9.0 Mozilla Bugzilla 2.14.5 Mozilla Bugzilla 2.14.4 Mozilla Bugzilla 2.14.3 Mozilla Bugzilla 2.14.2 + Debian Linux 3.0 sparc + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 Mozilla Bugzilla 2.14.1 Mozilla Bugzilla 2.14 - RedHat Linux 7.1 - RedHat Linux 7.1 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.9 Mozilla Bugzilla 2.8 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.22 RC1 Mozilla Bugzilla 2.22 Mozilla Bugzilla 2.20
Not Vulnerable:	Mozilla Bugzilla 3.1.2 Mozilla Bugzilla 3.0.2