CVE-2010-0180 Information

Description

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7 when use_suexec is enabled uses world-readable permissions for the localconfig files which allows local users to read sensitive configuration fields as demonstrated by the database password field and the site_wide_secret field.

Reference

http://secunia.com/advisories/40300 http://www.bugzilla.org/security/3.2.6/ http://www.securityfocus.com/bid/41144 http://www.vupen.com/english/advisories/2010/1595 https://bugzilla.mozilla.org/show_bug.cgi?id=561797