Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

apache-mod_auth_openid: local session ID disclosure

Package(s):

apache-mod_auth_openid

CVE #(s):

CVE-2012-2760

Created:

July 26, 2012

Updated:

August 1, 2012

Description:

From the Mandriva advisory:

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids (CVE-2012-2760).

Alerts:

Mandriva

MDVSA-2012:114

2012-07-26

(Log in to post comments)