Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1769 to the following vulnerability: The web interface in OCS Inventory NG 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1769 http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344 http://www.securityfocus.com/bid/35023 http://secunia.com/advisories/35157
ocsinventory-1.02.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ocsinventory-1.02.1-1.fc11
ocsinventory-1.02.1-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ocsinventory-1.02.1-1.fc10
ocsinventory-1.02.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ocsinventory-1.02.1-1.fc9
ocsinventory-1.02.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ocsinventory-1.02.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
ocsinventory-1.02.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-5773 https://admin.fedoraproject.org/updates/F11/FEDORA-2009-5769 https://admin.fedoraproject.org/updates/F9/FEDORA-2009-5764