Oracle announced GNOME Display Manager password disclosure weakness (Wed, Jul 28th)

According to this announcement:

http://secunia.com/advisories/40780/

The problem is that passwords may, in certain cases, be logged to /var/log/messages while GNOME Display Manager is running in debug mode (disabled by default).



This was originally reported on 02-15-2009 here:

https://bugzilla.gnome.org/show_bug.cgi?id=571846

A patch was issued the same day. A supported patch was issued 05-14-2010.



The Secunia advisory did not have many details.

The Sun blog link provided did not have very much information.

http://blogs.sun.com/security/entry/cve_2010_2387_password_disclosure



The CVE is reserved and not available yet.

The rest of the information is apparently in the Customer Area.



Does this mean we can count on a no public disclosure policy for Sun products now that Oracle owns them?













(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
