CVE-2008-1475

NameCVE-2008-1475
DescriptionThe xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs484728

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
roundup (PTS)jessie, jessie (lts)1.4.20-1.1+deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
roundupsourceetch(not affected)
roundupsource(unstable)1.4.4-1.1medium484728

Notes

[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
Search for package or bug name: Reporting problems