Lucene search
GoogleOSV:DSA-2259-1HistoryJun 12, 2011 - 12:00 a.m.
fex - authentication bypass
2011-06-1200:00:00
Google
osv.dev
9
EPSS
0.007
Percentile
79.5%
It was discovered that F*EX, a web service for transferring very large
files, is not properly validating authentication IDs. While the service
properly validates existing authentication IDs, an attacker who is not
specifying any authentication ID at all can bypass the authentication
procedure.
The oldstable distribution (lenny) does not include fex.
For the stable distribution (squeeze), this problem has been fixed in
version 20100208+debian1-1+squeeze1.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 20110610-1.
We recommend that you upgrade your fex packages.
References
Related
prion
prion
Authentication flaw
2011-06-24 20:55:00
openvas
openvas
Debian Security Advisory DSA 2259-1 (fex)
2011-08-03 00:00:00
Debian: Security Advisory (DSA-2259-1)
2011-08-03 00:00:00
debian
debian
[SECURITY] [DSA 2259-1] fex security update
2011-06-12 18:56:47
securityvulns
securityvulns
[SECURITY] [DSA 2259-1] fex security update
2011-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2011-1409
2011-06-24 00:00:00
nessus
nessus
Debian DSA-2259-1 : fex - authentication bypass
2011-06-13 00:00:00
cve
cve
CVE-2011-1409
2011-06-24 20:55:02
cvelist
cvelist
CVE-2011-1409
2011-06-24 20:00:00
debiancve
debiancve
CVE-2011-1409
2011-06-24 20:55:02
nvd
nvd
CVE-2011-1409
2011-06-24 20:55:02