LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MRG Messaging 2.2: authentication bypass

Package(s):MRG Messaging 2.2 CVE #(s):CVE-2012-3467
Created:September 20, 2012 Updated:September 26, 2012
Description:

From the Red Hat advisory:

It was discovered that qpidd did not require authentication for "catch-up" shadow connections created when a new broker joins a cluster. A malicious client could use this flaw to bypass client authentication. (CVE-2012-3467)

Alerts:
Red Hat RHSA-2012:1277-01 2012-09-19
Red Hat RHSA-2012:1279-01 2012-09-19
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds