Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 30 Jul 2012 11:06:41 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: icinga sample db creation scripts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/30/2012 07:01 AM, Marcus Meissner wrote:
> Hi,
> 
> Icinga ships some sample DB creationscripts which give out too
> much privileges.
> 
> References: https://bugzilla.novell.com/show_bug.cgi?id=767319 
> https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab
>
> 
https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63
> 
> Reported by Lars Vogdt of SUSE via Tim Hardeck to Incinga.
> 
> Ciao, Marcus

Please use CVE-2012-3441 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQFr8hAAoJEBYNRVNeJnmThm8QALEGeIMoU3GUHILe/0qxd5Cb
U9VTa5e2it5t34ccrXNpO8qocpWbMm38/wMlL+3ogE1aPrer8KwmRkTBIc0CpoVl
WqLE0cgwf3YlzaWhogs5kMRDDW8MknWi6WCrnXdEwSqGmIWw34xC0dvZVouo02TM
HHJlSB/VDFWlx5YpvuqNPb17K6rg+mQ1rbHV6kHDFH0O4PY8DAC1xbIS9nJN7Q6v
moqlJwAC9KuYBN6y3dcZtn/dJr3SF8VhP01HrJDhszPx3AwMklvw97hBF3CGeepJ
g2ZC+MhQh/EDpkdNN3hoBYnPnE3Id6XoB7Onv/7RnG9S0Mi6MK27SfvJpwscye8m
bCLv2NiHcijjZtGnWWQX/PRf98nIFGuTEIRpjL/z9skVkUKgDtIyco5xnUUCcYCv
0JJVzbWreCJ2KY7FFCn9RQFX21t17//zTVhC6e8ad4t1MWZRpuFdMcP+XIdlaf5Z
X32FienXrk8lzdB1c6nLdqnKE4CPZHUNfwL/AkhztLc1BhNrxcdMju4f/4j75jm5
fsW8V4O9wWypDjhXXTuHuj/JhBdkvp/BNP2NhyOV15ZOVDpI3xHTwW1e3T1OeYWd
UEdMP4sEDtXou4OS7P/WRaJ/5QTKzY2cZ4N6QWiF8DNH/dM59o+hI7r2oXB5CQti
r7Comaq2vJ67FkmTispH
=M/mm
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.