CVE-2010-2757 Information

Description

The sudo feature in Bugzilla 2.22rc1 through 3.2.7 3.3.1 through 3.4.7 3.5.1 through 3.6.1 and 3.7 through 3.7.2 does not properly send impersonation notifications which makes it easier for remote authenticated users to impersonate other users without discovery.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7/ http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/2205 https://bugzilla.mozilla.org/show_bug.cgi?id=450013 https://bugzilla.redhat.com/show_bug.cgi?id=623423