MDVSA-2012:114 -- Mandriva apache-mod_auth_openidID: oval:org.secpod.oval:def:1300094 | Date: (C)2013-01-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in apache-mod_auth_openid: mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids . The updated packages have been upgraded to the latest version which is not affected by this issue.
Platform: |
Mandriva Enterprise Server 5.2 |
Product: |
apache-mod_auth_openid |