Security Bug?


#1

On Thu. 31.5. i have use the URL http://fsck.com/rt2/NoAuth/Buglist.html
from the TODO file to view the bugs.

On these page i follow the Ticket 27, and now i’m Jesse ! :slight_smile:

I have create the new queue test2 as Jesse. Then i will set new
Preferences. Noew i was a guest. What’s that?

Is this a security bug or a bad configuration ?

regards
Dirk Haenelt
IT-Leitstelle JVA Dresden


#2

There was a whacked-out configuration bug resulting from a permissions bug
on my server. It’s fixed now. Thanks!

While I greatly appreciate all bug reports, I’d be grateful if users
could report things that appear to be security bugs privately before posting
them publically. If it’s possible, I generally prefer to be able to announce
a fix for a security hole at the same time that the security hole is made
public.

    -jOn Thu, May 31, 2001 at 09:07:05AM +0200, Dirk Haenelt wrote:

On Thu. 31.5. i have use the URL http://fsck.com/rt2/NoAuth/Buglist.html
from the TODO file to view the bugs.

On these page i follow the Ticket 27, and now i’m Jesse ! :slight_smile:

I have create the new queue test2 as Jesse. Then i will set new
Preferences. Noew i was a guest. What’s that?

Is this a security bug or a bad configuration ?

regards

Dirk Haenelt
IT-Leitstelle JVA Dresden


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

pretty soon we’re going to HAVE to have hypertext mail!
–Tim Berners Lee. (8 Jan 1993 on www-talk)