[pkg-eucalyptus-maintainers] Bug#608289: Bug#608289: CVE-2010-3905

Steffen Möller steffen_moeller at gmx.de
Fri Dec 31 16:03:40 UTC 2010


On 12/31/2010 03:45 PM, Charles Plessy wrote:
> tag 608289 + moreinfo
> thanks
> 
> On Wed, Dec 29, 2010 at 06:35:59PM +0100, Giuseppe Iuculano wrote:
>> Package: eucalyptus
>> Severity: serious
>> Tags: security
>>
>> CVE-2010-3905[0]:
>> | The password reset feature in the administrator interface for
>> | Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which
>> | allows remote attackers to gain privileges by sending password reset
>> | requests for other users.
> 
> Dear Giuseppe and Eucalyptus packagers,
> 
> Do you know if this bug also affects Eucalyptus 1.6.2? If not, we can close
> it, since Debian does not distribute 2.0.0 or 2.0.1, and since I suppose that
> we will jump directly to 2.0.2 or later when we upgrade the package.

It also works with 1.6. I just tested it. Ouch.

Many greetings

Steffen


