CVE-2011-4459 in Ubuntu

CVE-2011-4459

Priority

Low

Description

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not
properly disable groups, which allows remote authenticated users to bypass
intended access restrictions in opportunistic circumstances by leveraging a
group membership.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4459
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674522
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674558
https://bugs.launchpad.net/bugs/1004835

Notes

jdstrand> regressions found in DSA-2480 (see bugs)

Package

Source: rt (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: request-tracker3.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: request-tracker4 (LP Ubuntu Debian)

Upstream:	released (4.0.5-3)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	needs-triage
Ubuntu 12.10 (Quantal Quetzal):	not-affected (4.0.5-3)
Ubuntu 13.04 (Raring Ringtail):	not-affected (4.0.5-3)
Ubuntu 13.10 (Saucy Salamander):	not-affected (4.0.5-3)

Patches:

Vendor:

http://www.debian.org/security/2012/dsa-2480

Package

Source: request-tracker3.8 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	needs-triage
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	needs-triage
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

More Information

Updated: 2013-05-09 15:15:56 UTC (commit 6824)