oss-sec mailing list archives
Re: CVE request: monkeyd world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Feb 2013 13:32:48 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/26/2013 02:52 AM, Moritz Muehlenhoff wrote:
On Mon, Feb 25, 2013 at 02:02:00PM -0700, Kurt Seifried wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:Monkeyd, a small, fast, and scalable web server, produces, at least on gentoo a world-readable log. # ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0 Feb 24 19:56 /var/log/monkeyd/master.log Upstream site: http://www.monkey-project.com/This also doesn't look to be very active/widely used.This is part of Debian stable, please do assign a CVE ID for proper tracking. Cheers, Moritz
Please use CVE-2013-1771 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRLRvwAAoJEBYNRVNeJnmTKgQQAJzXSyFBVWemJUzvOwSb7BwM zPLb3l/gxAWimB65e/+KdtENFHeKnRSnVm97WFWPMi8+QZ+fIqtiuGevTbxxB4ts riWFjb5oo8g02C72QJUI3biXXesd9+5fEqOs/eGypma0Q43iZ+hVyr9wFrhRS5du 1FPV15HTWHWBKlvChgzDILNo0xc7miSO8NrIBqwvDAm4LYybLySAg03jqPILyWWG CyzVpaSb3RuYfmD/tLNuKzgi2o30mTXBIyqCkINacBEfk6/4vf3N0SxdbTagT9ws LLnHMwgDfN1tkFH2eKRaACGrNH7ME3fsqFXs1ZhfC4cZoXvcqpn9n5sclKEB3pLp zYIeEtILRyMLyIiX6Js74kNNhO5+2IXsePuEDV/doiUNiQ2BcV9Z1xb3GzLWDy/8 lWaSlBF6ZI0hznHq+VdTF96dLXVrhY0qlPdKKEuisbO8aZWzYNVgJF8MHu4jSzVq Bv3NrnBgb8aC1kdGdJIV+0UF5AgN8uC1I1JR5TjwV3oEZZvm5QxuXl5CFw8lVED/ 1Uh1wFT0kg1fPc1szEM1n1uIYFQaQ/QRDaTlc4HwEW967xe2wjAuei/wEVxxivhI d5NiRiRS+lurwicYnNZ8YIm06DKDo6+mcGpHXBvMbU4Bgw5GPIK9J+5IKR7Q1ptc WJYlgoEdz8LJPyQu3yLq =4lMW -----END PGP SIGNATURE-----
Current thread:
- CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 24)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)
- Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)