Subject: pkg/17434: URGENT: maintainer update port net/ipa 1.2.5 -> 1.2.7
To: None <gnats-bugs@gnats.netbsd.org>
From: None <simon@simon.org.ua>
List: netbsd-bugs
Date: 06/29/2002 16:30:31
>Number:         17434
>Category:       pkg
>Synopsis:       URGENT: maintainer update port net/ipa 1.2.5 -> 1.2.7
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Jun 29 16:48:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Andrey Simonenko
>Release:        NetBSD/i386 1.5.1
>Organization:
>Environment:
NetBSD/i386 1.5.1 
>Description:
Please update port sysutils/ipa 1.2.5 -> 1.2.7 as quickly as possible.
I broke some functionality of IPA, but removed a security problem from IPA (strange that nobody reported the security problem with ipastat(8) to me).

1.2.7	30/06/2002	released
- SECURITY PROBLEM: I removed SUID bit from ipastat(8) due to security
  problems, and don't even try to set it back.
  Admins who use the "db_owner" parameter *and* use some safe
  user/group, *and* didn't forget to set the same safe user/group for
  the ipastat(8) program, as it was said in the SECURITY NOTE on the
  ipastat(8) manual page, should not worry a lot. Admins who ignored
  that SECURITY NOTE should double-check the security of their systems
  and change all passwords, secret keys, etc., if you think that
  somebody cracked your systems by ipastat(8).
  I'm sorry about this sad program mistake.
>How-To-Repeat:

>Fix:
I don't have a NetBSD box right now and can't give a diff for IPA's port, but I've just sent an update to FreeBSD; all that should be updated is the version number and checksums.

http://www.freebsd.org/cgi/query-pr.cgi?pr=40020



>Release-Note:
>Audit-Trail:
>Unformatted: