CVE-2008-1475 Information

Description

The XML-RPC server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Reference

http://secunia.com/advisories/29336
http://secunia.com/advisories/29375
http://secunia.com/advisories/30274
http://secunia.com/advisories/32805
http://security.gentoo.org/glsa/glsa-200805-21.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
http://www.securityfocus.com/bid/28238
http://www.vupen.com/english/advisories/2008/0891
https://bugzilla.redhat.com/show_bug.cgi?id=436546
https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
