Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft operating systems. An attacker with the authority to reverse-resolve IP addresses, that is, control over the reverse DNS records for their own address space, may be able to bypass the checks Bugzilla performs to prevent session hijacking. By creating a pointer (PTR) record that identifies the hostname of the attacker's system as that of another user, the attacker can circumvent the hostname restrictions used by Bugzilla. The attacker would then need only the user's cookie credentials to completely hijack the user's session.
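The weakness described above, shown as an added example that is a simplified model and not Bugzilla's own code: a session check that trusts the PTR name alone, beside a forward-confirmed reverse DNS check and a plain source-address binding. The DNS tables, hostnames, addresses and function names are all constructed for illustration.

```python
# Constructed DNS data using documentation address ranges; nothing is resolved
# over the network.
PTR = {  # reverse zone: each entry is set by whoever controls that address block
    "192.0.2.10": "alice-pc.example.com",    # the legitimate user's workstation
    "203.0.113.66": "alice-pc.example.com",  # forged PTR in an unrelated block
}
A = {  # forward zone: set by the owner of example.com
    "alice-pc.example.com": {"192.0.2.10"},
}

# What the server recorded when the legitimate user logged in (constructed).
SESSION = {"hostname": "alice-pc.example.com", "ip": "192.0.2.10"}


def reverse_lookup(ip):
    return PTR.get(ip)


def forward_lookup(host):
    return A.get(host, set())


def hostname_check(session, client_ip):
    """Weak: trusts the PTR name alone, so the reverse-zone owner decides the result."""
    return reverse_lookup(client_ip) == session["hostname"]


def forward_confirmed_check(session, client_ip):
    """Accept the PTR name only if its forward records include the client address."""
    name = reverse_lookup(client_ip)
    return name == session["hostname"] and client_ip in forward_lookup(name)


def address_check(session, client_ip):
    """Bind the session to the source address seen at login; no DNS involved."""
    return client_ip == session["ip"]


def evaluate(client_ip):
    """Run all three checks for a request that presents the session cookie."""
    checks = (hostname_check, forward_confirmed_check, address_check)
    return {check.__name__: check(SESSION, client_ip) for check in checks}


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66"):
        print(ip, evaluate(ip))
```

Neither hardened check distinguishes two clients that share one address behind a NAT or proxy, so keeping the session cookie confidential remains the primary control.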