Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Lucian Constantin | Oct. 8, 2014
Software projects that use the Bugzilla bug tracking software should deploy the latest patches immediately, security researchers said.

CGI-based applications might be vulnerable is a similar way if developers didn't take this behavior into consideration, but according to one reader who commented on Markham's blog post, the issue has been known since 2006.

The Bugzilla developers have found fifteen instances where the problematic pattern occurred in its code and determined that four of them were exploitable to some degree, Markham said. "I'd say it might be wise to not ever allow hash values to be assigned directly from functions without a call to scalar."


Previous Page  1  2 

Sign up for Computerworld eNewsletters.