[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1754 roundup -- insufficient access checks

ID: oval:org.mitre.oval:def:7366Date: (C)2009-12-15   (M)2022-10-10
Class: PATCHFamily: unix




It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interface has been disabled; use the program "roundup-admin" from the command line instead.

Platform:
Debian 5.0
Debian 4.0
Product:
roundup
Reference:
DSA-1754
CVE-2009-2737
CVE    1
CVE-2009-2737
CPE    2
cpe:/o:debian:debian_linux:4.0
cpe:/o:debian:debian_linux:5.0

© SecPod Technologies