😱 HOP INTO THIS AWESOME DEAL!
69% OFF! SAVE BIG NOW!
Days
Days
Hours
Hrs
Minutes
Mins
Seconds
secs
69% OFF! SAVE BIG NOW!
Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Crypto

By Crypto
in Security Hive

 Share

Recommended Posts

Crypto Newbie

Crypto

Posted
Posted

 
bugzilla-vulnerabilities.jpg
A critical zero-day vulnerability discovered in Mozilla’s popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers.
 
The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes.
 
VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG
Security firm Check Point Software Technologies disclosed the flaw (CVE-2014-1572) on Monday and said that it’s the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006.
 
 

An analysis carried out by the researchers at Check Point revealed that the critical "bug enables unknown users to gain administrative privileges" as well as "by using these admin credentials, attackers can then view and edit private and undisclosed bug details."
 
Furthermore, a hacker exploiting the flaw could intervene to destroy bug information in an effort to slow down the process of fixing vulnerabilities in a particular piece of software.

"

The successful exploitation of the vulnerability allows the manipulation of any (database) field at the user creation procedure, including the 'login_name' field,

" Netanel Rubin, a researcher with Check Point, 

wrote

 in the initial report to Bugzilla. "

This breaks the e-mail validation process and allows an attacker to create accounts which match the group's regex policies, effectively becoming a privileged user.

"

BUGZILLA AND ITS REACH
Bugzilla is a Web-based general-purpose bugtracker and testing tool originally developed by the Mozilla Foundation, and has been used by a variety of organizations as a bug tracking system for free and open source software projects.
 
Among others, the software is used by the Mozilla Foundation, Apache, the Linux kernel, OpenSSH, Eclipse, KDE, Wikimedia Foundation, Wireshark, Novell, and GNOME as well as, many Linux distributions.
 
Nearly 150 large software developers and open-source projects use Mozilla’s Bugzilla software to track the vulnerabilities in their products. The actual figure could be even higher since many of the organisations are private.
 
PATCH AVAILABLE
Check Point reported the vulnerability to the Mozilla Foundation on September 29 and on Monday, Bugzilla rushed to release a patch for the issue to the public and warned the prominent organizations about its availability.
 
New Bugzilla versions are offered for download: 4.0.15, 4.2.11, 4.4.6, and 4.5.6. “The overridden login name could be automatically added to groups based on the group's regular expression setting,†the advisory says.
 
While Mozilla has already patched its own public Bugzilla server at bugzilla.mozilla.org, that installation was never configured to allow email-based privilege escalation.
 
                    Add Rep and Leave a feedback
              Reputation is the green button in the down right corner on my post 

 

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    GreenGrass
    Quick transaction, honest, friendly and very helpful. Highly recommended!
    GeraldReite
    Speedy and responsive, excellent rates, have ordered my invites and have not had any issues! 10/10 recommend!
    divyangtyagi1412
    Inviter provides lower prices than other providers and other forum owners by a higher margin. He is the man to buy from if you are looking for a torrent invites to any website h…
    denadel
    First of all, thank you so much for retaining me. Inviter helped with my questioning and directed me to the best torrentinvites to fetch on. The approaches were super smooth, and…
    OvaTheMoon
    Inviter is awesome. Very fast and friendly. Excellent in answering questions and quick transactions. Will do business with again.
    Escanor1234
    great service
    genesisishere
    Absolutely patient and wonderful delivery. I really have nothing negative to say. Highly recommended!
    tiziano21211
    Fast, responsive and patient. I had the item exactly as described, and worked with me to get everything set up. I would buy from you again.
    GlennGal
    Inviter supported me a lot and was super fast for the torrent access that I wanted. I will for sure request help from him when I need something else. Glad I reached him and regis…
    Legobrah
    Promptly and effectively fixed a problem with one of the product (my error, not seller's). Will definitely be back and will recommend to others as a quality vendor. 5/5 Stars. A…
    ravens2000
    I would highly recommend anyone looking to find torrents to use this site  
    didako014
    Absolutely great, Inviter is very fast and nice when solving queries. I received my invite immediately, thank you so much!
    lizwan
    Don't know how he does it, but @Inviter delivers! Had a smooth transaction, no hiccups!
    LTwithamap
    Seller is great! Fast to respond and reliable. Had to wait but it's reasonable since seller is at work. 10/10 would buy something else again in the future.
    kenpark
    Prefect and always a great communicator from start to finish will use again A+ for service and support 
    entrailz
    Seems to work fine for now - will have to wait and see what the future holds.
    JunkyRoss
    Awsome service i love it thanks alot
    eggsorer
    Sent the invite fairly quickly, and sent very short, straight to the point, concise messages.
    21freckles
    Very prompt and professional.
    Pedro Pascal
    Fast and reliable, highly recommend. 
    elence
    I was looking for an invite to Brokenstones and was able to get one very quickly and easily. Most importantly admin gave me a few options and explained how the invite tree works …
    anthonysteven
    Il migliore venditore, 100%
    biitel
    Real tracker invite that's non-trivial to get with a quick turnaround for the simple act of site participation. Pretty awesome.
    the_20a
    smooth process
    DMcanelo
    Definitely, you can trust him. Fast and efficient. 
    linrase
    I was nervous spending so much money on an invite at first and there has been some delay due to how hard the access to empornium.me is. But I remained calm and waited for the ve…
    LOPEZ768
    Fast and reliable, highly recommend. 
    inspectdata
    This seller is very professional, polite, and prompt. I was originally suspicious about this Site but I was very pleasantly surprised. I would like to recommend this to anyone wh…

  • Our picks

    View All
×
×
  • Create New...