** Summary changed:

- Insecure Default Config leads to security issue (CVE-2013-7299)
+ Insecure Default Config leads to security issue

** Description changed:

  The default configuration file delivered with package tntnet prior to
  version 2.2.1 allows unauthenticated remote attackers to obtain critical
- system information. This issue is already fixed in the debian package
- version 1.6.3-4+deb6u1 with urgency „high“, but at least Ubuntu 10.04
- and 12.04 - both still supported and not yet EOL - are still affected.
- This issue should also be considered with urgency „high“ and fixed
- immediately.
+ system information. At least Ubuntu 10.04 and 12.04 - both still
+ supported and not yet EOL - are still affected. This issue should also
+ be considered with urgency „high“ and fixed immediately.
  
  How to reproduce:
  
  1) Install tntnet: apt-get install tntnet
  2) Browse to: http://<IP-of-server>///etc/passwd
  
  System used to reproduce:
  
  Description:  Ubuntu 12.04.5 LTS
  Release:      12.04
  
  tntnet:
-   Installed: 2.0+dfsg1-2
-   Candidate: 2.0+dfsg1-2
+   Installed: 2.0+dfsg1-2
+   Candidate: 2.0+dfsg1-2
  
  See also:
  
- http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7299.html
  https://launchpad.net/debian/+source/tntnet/+changelog
- https://launchpad.net/debian/+source/tntnet/1.6.3-4+deb6u1

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1430750

Title:
  Insecure Default Config leads to security issue

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tntnet/+bug/1430750/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to