[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
Just confirming that the fix for precise was released: xen-api (1.3.2-5ubuntu0.1) precise-security; urgency=low * SECURITY UPDATE: PAM settings allowed any local user to issue remote API commands (LP: #1031375) - debian/patches/pam-auth-root-xapi-group: Xapi only authenticates the root user when making API calls over HTTP. Based on Debian patch. -- Mike McClurg Thu, 26 Jul 2012 15:30:25 +0100 ** Changed in: xen-api (Ubuntu Precise) Status: Triaged => Fix Released ** Changed in: xen-api (Ubuntu Precise) Status: Fix Released => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
precise has seen the end of its life and is no longer receiving any updates. Marking the precise task for this ticket as 'Won't Fix'. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
@Mike, was this fixed for precise with the upload 1.3.2-5ubuntu0.1? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
Thanks everyone for helping fix this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
** Also affects: xen-api (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: xen-api (Ubuntu Quantal) Importance: Undecided Assignee: Mike McClurg (mike-mcclurg) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
This bug was fixed in the package xen-api - 1.3.2-11 --- xen-api (1.3.2-11) unstable; urgency=high * Fix PAM settings to only allow root to issue remote commands (LP: #1033899) -- Mike McClurg mike.mccl...@citrix.com Wed, 22 Aug 2012 15:36:31 +0100 ** Changed in: xen-api (Ubuntu Quantal) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
** Changed in: xen-api (Ubuntu Precise) Status: New = Triaged ** Changed in: xen-api (Ubuntu Precise) Assignee: (unassigned) = Mike McClurg (mike-mcclurg) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1033899] Re: [Security] Default PAM settings allow execution of remote API commands without password
** Branch linked: lp:ubuntu/xen-api -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1033899 Title: [Security] Default PAM settings allow execution of remote API commands without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs