Pwned apache ID! ..... <br clear="all"><div style="text-align:center;font-family:verdana,sans-serif"><div style="text-align:right"><div style="text-align:left"><div style="text-align:left"><font size="1"><span style="font-variant:normal;font-family:verdana,sans-serif"><p style="text-align:center">

</p></span></font></div><div style="text-align:center;font-family:verdana,sans-serif"></div></div></div></div><div style="text-align:center"><div style="text-align:left"><font size="1"><span style="font-family:verdana,sans-serif"><i>Regards, Kembolle Amilkar </i></span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/</span><span style="font-family:verdana,sans-serif">[ <a href="http://www.kembolle.com.br" target="_blank">kembolle.com.br</a> ] - Information Security Consulting. </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ [ <a href="http://samurayconsultoria.com.br" target="_blank">samurayconsultoria.com.br</a> ] - Chief Security Officer - Samuray Consultoria. </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ Systems Analyst | Information Security Specialist | Computer Forensic Expert | </span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">#/ OWASP Chapter Leader, Cuiabá - <a href="https://www.owasp.org/index.php/Cuiaba" target="_blank">https://www.owasp.org/index.php/Cuiaba</a></span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">#/ Mobile: [65] 9979-2925  && contato[at]<a href="http://kembolle.com.br" target="_blank">kembolle.com.br</a>.</span></font></div><div style="text-align:left"><font style="font-family:verdana,sans-serif;color:rgb(153,153,153)" size="1"><b></b></font></div>
</div>
<br>
<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr">&lt;<a href="mailto:security@mandriva.com">security@mandriva.com</a>&gt;</span><br>Date: 2012/7/26<br>
Subject: [Full-disclosure] [ MDVSA-2012:114 ] apache-mod_auth_openid<br>To: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br><br><br>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
 _______________________________________________________________________<br>
<br>
 Mandriva Linux Security Advisory                         MDVSA-2012:114<br>
 <a href="http://www.mandriva.com/security/" target="_blank">http://www.mandriva.com/security/</a><br>
 _______________________________________________________________________<br>
<br>
 Package : apache-mod_auth_openid<br>
 Date    : July 26, 2012<br>
 Affected: Enterprise Server 5.0<br>
 _______________________________________________________________________<br>
<br>
 Problem Description:<br>
<br>
 A vulnerability has been discovered and corrected in<br>
 apache-mod_auth_openid:<br>
<br>
 mod_auth_openid before 0.7 for Apache uses world-readable permissions<br>
 for /tmp/mod_auth_openid.db, which allows local users to obtain<br>
 session ids (CVE-2012-2760).<br>
<br>
 The updated packages have been upgraded to the latest version (0.7)<br>
 which is not affected by this issue.<br>
 _______________________________________________________________________<br>
<br>
 References:<br>
<br>
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2760" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2760</a><br>
 _______________________________________________________________________<br>
<br>
 Updated Packages:<br>
<br>
 Mandriva Enterprise Server 5:<br>
 848ec6ec7cbf005e519e3a6bf4d8bff2  mes5/i586/apache-mod_auth_openid-0.7-0.1mdvmes5.2.i586.rpm<br>
 0e38c57c1499be9ec13c68ff8a9a5917  mes5/SRPMS/apache-mod_auth_openid-0.7-0.1mdvmes5.2.src.rpm<br>
<br>
 Mandriva Enterprise Server 5/X86_64:<br>
 827c761f2b45a40cc8837821da9a6ff6  mes5/x86_64/apache-mod_auth_openid-0.7-0.1mdvmes5.2.x86_64.rpm<br>
 0e38c57c1499be9ec13c68ff8a9a5917  mes5/SRPMS/apache-mod_auth_openid-0.7-0.1mdvmes5.2.src.rpm<br>
 _______________________________________________________________________<br>
<br>
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification<br>
 of md5 checksums and GPG signatures is performed automatically for you.<br>
<br>
 All packages are signed by Mandriva for security.  You can obtain the<br>
 GPG public key of the Mandriva Security Team by executing:<br>
<br>
  gpg --recv-keys --keyserver <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a> 0x22458A98<br>
<br>
 You can view other update advisories for Mandriva Linux at:<br>
<br>
  <a href="http://www.mandriva.com/security/advisories" target="_blank">http://www.mandriva.com/security/advisories</a><br>
<br>
 If you want to report vulnerabilities, please contact<br>
<br>
  security_(at)_<a href="http://mandriva.com" target="_blank">mandriva.com</a><br>
 _______________________________________________________________________<br>
<br>
 Type Bits/KeyID     Date       User ID<br>
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team<br>
  &lt;security*<a href="http://mandriva.com" target="_blank">mandriva.com</a>&gt;<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.11 (GNU/Linux)<br>
<br>
iD8DBQFQETlRmqjQ0CJFipgRAtigAJ9i+tyH6Fo8o+0EAYY4G1IYAalx0QCghkdn<br>
ruhzDNGOALVIdzZ1BbHnSc4=<br>
=WHeW<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div><br>
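<p>Added example, not part of the Mandriva advisory or of the forwarded message: a shell check that reports whether the session store at /tmp/mod_auth_openid.db, the path named in CVE-2012-2760, is accessible to other local users. The function name check_session_db and its return codes are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example, not from the advisory: audit the permissions of the
# mod_auth_openid session store described in MDVSA-2012:114 / CVE-2012-2760.

DB_DEFAULT=/tmp/mod_auth_openid.db   # path as given in the advisory

# check_session_db [path]   (hypothetical helper name)
# Returns 0 if "other" users have no read/write access,
#         1 if the file is world-readable or world-writable,
#         2 if the file does not exist.
check_session_db() {
    db=${1:-$DB_DEFAULT}
    if [ ! -e "$db" ]; then
        echo "MISSING  $db"
        return 2
    fi
    # The first 10 characters of ls -l output are the type and mode,
    # e.g. "-rw-r--r--"; -L reports the target if the path is a symlink.
    mode=$(ls -ldL -- "$db" | cut -c1-10)
    # Characters 8-10 are the permission bits for "other" users.
    other=$(printf '%s' "$mode" | cut -c8-10)
    case $other in
        r??|?w?)
            echo "EXPOSED  $db ($mode): readable or writable by any local user;" \
                 "upgrade mod_auth_openid to 0.7 as the advisory directs"
            return 1 ;;
        *)
            echo "OK       $db ($mode)"
            return 0 ;;
    esac
}

# When run as a script with a path argument, check that path.
# Calling check_session_db with no argument checks the advisory's path.
if [ "$#" -gt 0 ]; then
    check_session_db "$1"
fi
```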