CVE-2006-4244
Published: 31 August 2006
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
Priority
Status
Package | Release | Status |
---|---|---|
sql-ledger (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
sql-ledger | edgy | Released (2.6.19-1) |
sql-ledger | feisty | Released (2.6.19-1) |
sql-ledger | gutsy | Released (2.6.19-1) |
sql-ledger | hardy | Released (2.6.19-1) |
sql-ledger | intrepid | Released (2.6.19-1) |
sql-ledger | jaunty | Released (2.6.19-1) |
sql-ledger | karmic | Released (2.6.19-1) |
sql-ledger | upstream | Needs triage |