aru Posted May 27, 2004 Report Share Posted May 27, 2004 Mandrakesoft Security Advisories MDKSA-2004:052 : kolab-server Updated kolab-server package fixes world readable file vulnerability May 26th, 2004 Luca Villani reported the disclosure of critical configuration information within Kolab, the KDE Groupware server. The affected versions store OpenLDAP passwords in plain text. The heart of Kolab is an engine written in Perl that rewrites configuration for certain applications based on templates. The build() function in the engineleft slapd.conf world-readable exhibiting the OpenLDAP root password. The released versions of Mandrake GNU/Linux affected are: 10.0Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:052 Other references: http://www.kolab.org/pipermail/kolab-users...ril/000215.html Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts