Hello!
On 6/21/06, Malcolm Herbert <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 20, 2006 at 11:59:34PM -0700, Jim Meyer wrote:
> |Thanks to Walter Duncan, a critical security bug in the LDAP overlay's
> |account autocreation callback has been fixed. If you're using this
> |code, please update it from the wiki:
> |
> | http://wiki.bestpractical.com/index.cgi?LdapAutocreateAuthCallback
> |
> |The bug, left unpatched, could allow user accounts to be compromised.
> |Please update as soon as possible.
>
> Can you tell us which versions of RT this will affect? thanks

This affects any version of RT in which you've installed the LDAP
overlay found in the Best Practical wiki at
http://wiki.bestpractical.com/?LDAP. It is particular to the
recently-added Auth callback which autocreates user accounts; that
file (found at http://wiki.bestpractical.com/?LdapAutocreateAuthCallback)
is the only piece of the overlay which must be updated to patch this
bug.
This bug is not inherent to RT itself; if you haven't installed the
LDAP overlay referenced above, this is not an issue for you.
Hope that's more clear!
--j
--
Jim Meyer, Geek at Large [EMAIL PROTECTED]