Description of problem: Please see attached 'step-by-step' guide to reproduce what I've discovered. Version-Release number of selected component (if applicable): Name : fedora-ds Version : 1.0 Release : 2.Linux Build Date: Tue 29 Nov 2005 11:38:37 PM CET Additional info: informed 'secalert' as well
A patch file has been created to fix the flaw. See http://directory.fedora.redhat.com/wiki/FDS10Announcement for information about how to download the patch and how to apply it to the FDS 1.0 installation.
Created attachment 121993 [details] list of files for fix
Created attachment 121994 [details] diffs for fix
Checking in adminserver/admserv/cfgstuff/admserv.conf; /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf,v <-- admserv.conf new revision: 1.12; previous revision: 1.11 done Checking in adminserver/admserv/cfgstuff/httpd.conf; /cvs/dirsec/adminserver/admserv/cfgstuff/httpd.conf,v <-- httpd.conf new revision: 1.7; previous revision: 1.6 done
Making public as wiki page contains a link to this bug.
verified aginst: 1193765112 idm-console-framework-1.1.0-5.el5idm Tue Oct 30 2007 1193765112 redhat-idm-console-1.0.0-13.el5idm Tue Oct 30 2007 1194380792 tftp-0.42-3.1 Tue Nov 06 2007 1195006662 subversion-1.4.2-2.el5 Tue Nov 13 2007 1195169113 redhat-ds-base-8.0.0-11.el5dsrv Thu Nov 15 2007 1195169115 redhat-ds-admin-8.0.0-1.15.el5dsrv Thu Nov 15 2007 1195169117 redhat-ds-console-8.0.0-8.el5dsrv Thu Nov 15 2007 1195169118 redhat-admin-console-8.0.0-9.el5dsrv Thu Nov 15 2007