[Bug 1031375] Re: [SECURITY] default PAM settings allow any local account to authenticate to xapi

Launchpad Bug Tracker Fri, 03 Aug 2012 16:35:40 -0700

This bug was fixed in the package xen-api - 1.3.2-5ubuntu0.1

---------------
xen-api (1.3.2-5ubuntu0.1) precise-security; urgency=low


  * SECURITY UPDATE: PAM settings allowed any local user to issue remote API
    commands (LP: #1031375)
    - debian/patches/pam-auth-root-xapi-group: Xapi only authenticates the
      root user when making API calls over HTTP. Based on Debian patch.
 -- Mike McClurg <mike.mccl...@citrix.com>   Thu, 26 Jul 2012 15:30:25 +0100

** Changed in: xen-api (Ubuntu Precise)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1031375

Title:
  [SECURITY] default PAM settings allow any local account to
  authenticate to xapi

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1031375/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1031375] Re: [SECURITY] default PAM settings allow any local account to authenticate to xapi

Reply via email to