Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability

Bugtraq ID: 25725
Class: Access Validation Error
CVE: CVE-2007-5038
Remote: Yes
Local: No
Published: Sep 19 2007 12:00AM
Updated: Sep 26 2007 03:39PM
Credit: The vendor credits Sascha Jensen, Frédéric Buclin, Max Kanat-Alexander, and Marc Schumann with the discovery of this issue.
Vulnerable: Redhat Fedora Core7
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.1
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.20.5
Mozilla Bugzilla 2.20.4
Mozilla Bugzilla 2.20.3
Mozilla Bugzilla 2.20.2
Mozilla Bugzilla 2.20.1
Mozilla Bugzilla 2.20 rc2
Mozilla Bugzilla 2.20 rc1
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.1
Mozilla Bugzilla 2.18 rc3
Mozilla Bugzilla 2.18 rc2
Mozilla Bugzilla 2.18 rc1
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16 .10
Mozilla Bugzilla 2.16
- Mandriva Linux Mandrake 9.0
- Mandriva Linux Mandrake 9.0
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
- Redhat Linux 7.1
- Redhat Linux 7.1
- Redhat Linux 7.0
- Redhat Linux 7.0
- Redhat Linux 7.0
- Redhat Linux 7.0
- Redhat Linux 7.0
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.8
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.22 RC1
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.20
Not Vulnerable: Mozilla Bugzilla 3.1.2
Mozilla Bugzilla 3.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus