hi!

if you're running Lenya 1.4 in production or in any situation where you
may have untrusted local users, or trusted users with a weird sense of
humour and advanced computer skills, you will want to comment out the
following section from your WEB-INF/cocoon.xconf and restart Lenya:

<!--
    <component-instance
        class="org.apache.lenya.cms.ac.usecases.UserPassword"
        logger="lenya.admin" name="admin.changePassword">
      <view menu="true" template="usecases/admin/changePassword.jx">
        <tab group="admin" name="users"/>
      </view>
      <exit usecase="admin.user"/>
    </component-instance>
-->

there appears to be a local privilege escalation and DoS exploit.

regards,
jörn
--
"Open source takes the bullshit out of software."
- Charles Ferguson on TechnologyReview.com
--
Jörn Nettingsmeier, EDV-Administrator
Institut für Politikwissenschaft
Universität Duisburg-Essen, Standort Duisburg
Mail: [EMAIL PROTECTED], Telefon: 0203/379-2736
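
A check that the section is really disabled, as an added example (not part of the original mail or of Lenya): it parses a cocoon.xconf and lists any admin.changePassword component-instance that is still live, relying on the XML parser dropping commented-out elements. The sample documents, their wrapper elements and the admin.user class name are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

USECASE = "admin.changePassword"  # name attribute quoted in the mail

def live_instances(root, name=USECASE):
    """Class attribute of every component-instance with this name that the
    parser still sees; commented-out elements never reach the tree."""
    hits = []
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # tolerate a namespaced config
        if local == "component-instance" and el.get("name") == name:
            hits.append(el.get("class"))
    return hits

def check_text(xconf_text, name=USECASE):
    return live_instances(ET.fromstring(xconf_text), name)

# Constructed sample: wrapper elements and the admin.user class are placeholders.
ENABLED = """<cocoon><usecases>
  <component-instance class="org.apache.lenya.cms.ac.usecases.UserPassword"
      logger="lenya.admin" name="admin.changePassword">
    <view menu="true" template="usecases/admin/changePassword.jx">
      <tab group="admin" name="users"/>
    </view>
    <exit usecase="admin.user"/>
  </component-instance>
  <component-instance class="example.PlaceholderUsecase" name="admin.user"/>
</usecases></cocoon>"""

# Same document with the section commented out as the mail recommends.
DISABLED = (ENABLED
    .replace('<component-instance class="org',
             '<!-- <component-instance class="org', 1)
    .replace("</component-instance>", "</component-instance> -->", 1))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real WEB-INF/cocoon.xconf
        hits = live_instances(ET.parse(sys.argv[1]).getroot())
    else:
        hits = check_text(ENABLED)
    print("admin.changePassword still enabled:" if hits
          else "admin.changePassword not active", hits)
    sys.exit(1 if hits else 0)
```

Run with the path to the deployed cocoon.xconf; a non-zero exit status means the usecase is still registered.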