Bug 174837 - CVE-2005-3630 use of IFRAME exposes password from adm.conf for users
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: UI - General UI
Version: 1.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Rich Megginson
Viktor Ashirov
: Security
Depends On:
Blocks: 152373 240316
Reported: 2005-12-02 12:14 EST by Frank Reppin
Modified: 2015-12-07 11:46 EST

Doc Type: Bug Fix
Last Closed: 2015-12-07 11:46:48 EST

Attachments
list of files for fix (82 bytes, text/plain)
2005-12-07 14:37 EST, Rich Megginson
diffs for fix (4.78 KB, text/plain)
2005-12-07 14:39 EST, Rich Megginson

Description Frank Reppin 2005-12-02 12:14:50 EST
Description of problem:

Please see attached 'step-by-step' guide to
reproduce what I've discovered.

Version-Release number of selected component (if applicable):

Name        : fedora-ds
Version     : 1.0
Release     : 2.Linux
Build Date:   Tue 29 Nov 2005 11:38:37 PM CET

Additional info:

informed 'secalert@redhat.com' as well
Comment 2 Rich Megginson 2005-12-07 11:04:29 EST
A patch file has been created to fix the flaw.  See
http://directory.fedora.redhat.com/wiki/FDS10Announcement for information about
how to download the patch and how to apply it to the FDS 1.0 installation.
Comment 3 Rich Megginson 2005-12-07 14:37:54 EST
Created attachment 121993
list of files for fix
Comment 4 Rich Megginson 2005-12-07 14:39:02 EST
Created attachment 121994
diffs for fix
Comment 5 Rich Megginson 2005-12-07 15:51:46 EST
Checking in adminserver/admserv/cfgstuff/admserv.conf;
/cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf,v  <--  admserv.conf
new revision: 1.12; previous revision: 1.11
done
Checking in adminserver/admserv/cfgstuff/httpd.conf;
/cvs/dirsec/adminserver/admserv/cfgstuff/httpd.conf,v  <--  httpd.conf
new revision: 1.7; previous revision: 1.6
done
Comment 6 Mark J. Cox (Product Security) 2005-12-12 05:26:51 EST
Making public as wiki page contains a link to this bug.
Comment 7 Michael Gregg 2007-11-15 18:41:29 EST
verified against:
1193765112 idm-console-framework-1.1.0-5.el5idm Tue Oct 30 2007 
1193765112 redhat-idm-console-1.0.0-13.el5idm Tue Oct 30 2007 
1194380792 tftp-0.42-3.1 Tue Nov 06 2007 
1195006662 subversion-1.4.2-2.el5 Tue Nov 13 2007 
1195169113 redhat-ds-base-8.0.0-11.el5dsrv Thu Nov 15 2007 
1195169115 redhat-ds-admin-8.0.0-1.15.el5dsrv Thu Nov 15 2007 
1195169117 redhat-ds-console-8.0.0-8.el5dsrv Thu Nov 15 2007 
1195169118 redhat-admin-console-8.0.0-9.el5dsrv Thu Nov 15 2007 
