CVE-2011-4459

Priority
Low
Description
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not
properly disable groups, which allows remote authenticated users to bypass
intended access restrictions in opportunistic circumstances by leveraging a
group membership.
References
Bugs
Notes
 jdstrand> regressions found in DSA-2480 (see bugs)
Package
Source: rt (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 16.10 (Yakkety Yak): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 16.10 (Yakkety Yak): DNE
Package
Upstream: released (4.0.5-3)
Ubuntu 12.04 LTS (Precise Pangolin): needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (4.0.5-3)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (4.0.5-3)
Ubuntu 16.10 (Yakkety Yak): not-affected (4.0.5-3)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2480
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 16.10 (Yakkety Yak): DNE
More Information

Updated: 2016-10-19 10:16:43 UTC (commit 11638)