** Summary changed: - Insecure Default Config leads to security issue (CVE-2013-7299) + Insecure Default Config leads to security issue
** Description changed: The default configuration file delivered with package tntnet prior to version 2.2.1 allows unauthenticated remote attackers to obtain critical - system information. This issue is already fixed in the debian package - version 1.6.3-4+deb6u1 with urgency „high“, but at least Ubuntu 10.04 - and 12.04 - both still supported and not yet EOL - are still affected. - This issue should also be considered with urgency „high“ and fixed - immediately. + system information. At least Ubuntu 10.04 and 12.04 - both still + supported and not yet EOL - are still affected. This issue should also + be considered with urgency „high“ and fixed immediately. How to reproduce: 1) Install tntnet: apt-get install tntnet 2) Browse to: http://<IP-of-server>///etc/passwd System used to reproduce: Description: Ubuntu 12.04.5 LTS Release: 12.04 tntnet: - Installed: 2.0+dfsg1-2 - Candidate: 2.0+dfsg1-2 + Installed: 2.0+dfsg1-2 + Candidate: 2.0+dfsg1-2 See also: - http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7299.html https://launchpad.net/debian/+source/tntnet/+changelog - https://launchpad.net/debian/+source/tntnet/1.6.3-4+deb6u1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1430750 Title: Insecure Default Config leads to security issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tntnet/+bug/1430750/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs