FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- "createemailregexp" security bypass vulnerability

Affected packages
3.* <= bugzilla < 3.0.2

Details

VuXML ID f8d3689e-6770-11dc-8be8-02e0185f8d72
Discovery 2007-09-18
Entry 2007-09-20
Modified 2010-05-12

The Bugzilla development team reports:

Bugzilla::WebService::User::offer_account_by_email does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the SOAP::Lite Perl module installed on your Bugzilla system, your system is not vulnerable (because the Bugzilla WebService will not be enabled).
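
A simplified model of the flaw described above, added here as an example and not Bugzilla's code: one account-creation entry point applies only the "emailregexp" syntax check, while the hardened one also applies the "createemailregexp" policy. The function names, error strings and pattern values are constructed, and treating an empty "createemailregexp" as "self-registration disabled" is an assumption of this model.

```python
import re

# Constructed parameter values standing in for a site's configuration.
PARAMS = {
    "emailregexp": r"^[\w.+-]+@[\w.-]+\.[a-z]{2,}$",   # is the address well formed?
    "createemailregexp": r"^[\w.+-]+@example\.com$",   # who may self-register?
}

class AccountError(Exception):
    """Raised when an account request is refused."""

def check_email_syntax(email, params):
    if not re.search(params["emailregexp"], email):
        raise AccountError("address does not match emailregexp")

def check_can_create(email, params):
    pattern = params["createemailregexp"]
    # Assumption of this model: an empty pattern means nobody may self-register.
    if not pattern:
        raise AccountError("self-registration is disabled")
    if not re.search(pattern, email):
        raise AccountError("address does not match createemailregexp")

def offer_account_unpatched(email, params=PARAMS):
    """Models the flaw: the web-service path checks syntax only."""
    check_email_syntax(email, params)
    return "token issued"

def offer_account_hardened(email, params=PARAMS):
    """Every entry point that starts account creation applies both checks."""
    check_email_syntax(email, params)
    check_can_create(email, params)
    return "token issued"

def allowed(entry_point, email, params=PARAMS):
    """True if the entry point would accept the request."""
    try:
        entry_point(email, params)
        return True
    except AccountError:
        return False

if __name__ == "__main__":
    for addr in ("staff@example.com", "outsider@elsewhere.org", "not an address"):
        print(addr, allowed(offer_account_unpatched, addr),
              allowed(offer_account_hardened, addr))
```

Running the same address list through every account-creation entry point and comparing the results is a cheap regression test for this class of bypass.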

References

CVE Name CVE-2007-5038
URL http://www.bugzilla.org/security/3.0.1/