Insecure Default Config leads to security issue
Bug #1430750 reported by
Roman Schließmeyer
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tntnet (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The default configuration file delivered with package tntnet prior to version 2.2.1 allows unauthenticated remote attackers to obtain critical system information. At least Ubuntu 10.04 and 12.04 - both still supported and not yet EOL - are still affected. This issue should also be considered with urgency „high“ and fixed immediately.
How to reproduce:
1) Install tntnet: apt-get install tntnet
2) Browse to: http://<IP-of-
System used to reproduce:
Description: Ubuntu 12.04.5 LTS
Release: 12.04
tntnet:
Installed: 2.0+dfsg1-2
Candidate: 2.0+dfsg1-2
See also:
Related branches
information type: | Private Security → Public Security |
summary: |
- Insecure Default Config leads to security issue (CVE-2013-7299) + Insecure Default Config leads to security issue |
description: | updated |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.