Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2006-4244

Published: 31 August 2006

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Priority

Unknown

Status

Package Release Status
sql-ledger
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
edgy
Released (2.6.19-1)
feisty
Released (2.6.19-1)
gutsy
Released (2.6.19-1)
hardy
Released (2.6.19-1)
intrepid
Released (2.6.19-1)
jaunty
Released (2.6.19-1)
karmic
Released (2.6.19-1)
upstream Needs triage