Just confirming that the fix for precise was released:

xen-api (1.3.2-5ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: PAM settings allowed any local user to issue remote API
    commands (LP: #1031375)
    - debian/patches/pam-auth-root-xapi-group: Xapi only authenticates the
      root user when making API calls over HTTP. Based on Debian patch.

 -- Mike McClurg <[email protected]> Thu, 26 Jul 2012 15:30:25 +0100

** Changed in: xen-api (Ubuntu Precise)
Status: Triaged => Fix Released
** Changed in: xen-api (Ubuntu Precise)
Status: Fix Released => Won't Fix
--
https://bugs.launchpad.net/bugs/1033899
Title:
[Security] Default PAM settings allow execution of remote API commands
without password