Package: irm Version: 1.5.1.1-2 Severity: serious Tags: security CVE: CAN-2005-0505
According to http://sourceforge.net/project/shownotes.php?release_id=306629 : IRM 1.5.2.1 fixes a potential security flaw in the LDAP login code. All users (especially those running on LDAP) are urged to upgrade. http://secunia.com/advisories/14342 has a bit more info: Fulvio Civitareale has reported a vulnerability in IRM, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the LDAP login code where a user with a non-existent username can login. Please mention CAN-2005-0505 in any changelog entries. -- see shy jo
signature.asc
Description: Digital signature