FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Bugzilla -- Directory Traversal in importxml.pl

Affected packages
2.22.1 <= bugzilla < 2.22.4
3.* <= bugzilla < 3.0.4
2.22.1 <= ja-bugzilla < 2.22.4
3.* <= ja-bugzilla < 3.0.4

Details

VuXML ID 1d96305d-6ae6-11dd-91d5-000c29d47fd7
Discovery 2008-06-03
Entry 2008-08-15
Modified 2010-05-12

A Bugzilla Security Advisory reports:

When importing bugs using importxml.pl, the --attach_path option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious

../relative_path/to/local_file

node, the script follows this relative path and attaches the local file pointed to by it to the bug, making the file public. The security fix makes sure the relative path is always ignored.
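As an added illustration (not part of the advisory and not Bugzilla's own Perl code), the Python below contrasts the pre-fix behaviour, where the XML-supplied attachment name is joined onto the --attach_path directory as-is, with the fixed behaviour, where only the final path component is kept and the result is checked to still lie under attach_path. The XML element names, the sample file names and the directory are constructed for the example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample export: the first attachment name carries a traversal
# component, as described in the advisory. Element names are hypothetical,
# not the real Bugzilla export format.
SAMPLE_XML = """<bugzilla>
  <bug>
    <attachment><filename>../../../etc/passwd</filename></attachment>
    <attachment><filename>screenshot.png</filename></attachment>
  </bug>
</bugzilla>"""


def resolve_unsafe(attach_path, name):
    # Pre-fix behaviour: the relative path from the XML is joined verbatim,
    # so "../" components walk out of attach_path.
    return os.path.normpath(os.path.join(attach_path, name))


def resolve_safe(attach_path, name):
    # Post-fix behaviour: keep only the final path component so any directory
    # part supplied in the XML is ignored (backslashes treated as separators).
    base = os.path.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("invalid attachment filename: %r" % name)
    full = os.path.normpath(os.path.join(attach_path, base))
    # Defence in depth: confirm the result is still inside attach_path.
    root = os.path.normpath(attach_path)
    if os.path.commonpath([root, full]) != root:
        raise ValueError("attachment path escapes attach_path: %r" % name)
    return full


def attachment_paths(xml_text, attach_path, resolver):
    # Return the on-disk path an importer would read for each attachment.
    tree = ET.fromstring(xml_text)
    return [resolver(attach_path, el.text.strip()) for el in tree.iter("filename")]
```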

References

CVE Name CVE-2008-4437
URL https://bugzilla.mozilla.org/show_bug.cgi?id=437169