oss-sec mailing list archives
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 May 2012 11:59:58 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/23/2012 02:21 AM, Matthias Weckbecker wrote:
Hi Kurt, Hi vendors, not too critical in my opinion, but I think still worth to be at least mentioned briefly as other distros such as Fedora 16 were affected too: https://bugzilla.novell.com/show_bug.cgi?id=740964
Please use CVE-2012-2389 for this issue.
I'm not sure whether this issue should get a CVE, but in the past similar vulnerabilities got a CVE (e.g. CVE-2012-0863).
Indeed they have, my all time favourite example of this kind of flaw is CVE-2002-0849 =).
Thanks, Matthias
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvSWeAAoJEBYNRVNeJnmTswEQAN4cL2LE+aZQFcP4qbQCLVx4 J7k22Qmt1RZvRt8oMTMOx/uYnVi60ZsxU4JxU+MuzFJadIQ2nfjk3wG6sXAvQ3FH 2VZf0aB8NchhGikIBw7u4imp6zC6Wx5UaREEWp2F3KToCCWbZv8jUg9eZGKryiqE fzZmfAVNlgBjuSRJ1Pt3ictxkbuwfSINddSj3UZeZiZ5WcmcTxh8ZeurMm+PwxDB GE3gsQ1vVuNROq2lKc0yl6d+syEPFRJKFd2eqQTwRTYYfZbNgwDyG3zzp6UL8zgb 02quSIarL0idEQ8R6IVf7OdK4KZAehEQgWgUJ48GaWv+cAEbqaTc6IYCjHx+/KlZ mwrNJS8bB5kE3o21otDimi+vkEdaOF05MYPqa29tlkvFB3Uq04AJyz0BLlMHMd/3 FuWuPzBjFNqy8K4AllCxnz5Lcuz1Ppv6Qyu3oEBTVyZsMhHvDOc79hIMVZ3E3ZNK RgBROYqx+7TE0yAEJaTmsTIy0q42aVB4q9sxo4fMoBE35HGVfK480Ct8wZc5ejV5 +8ZVCaH3AmbPkK3eh9/mms1RyLdQKl8ONJY9Y/BTgUUZD+CUqyWb3Wnyt5qJI4pN yS/UrVRZp1ICU8/En55DzOfDtTbF0FQmeN3ANQUszqJF8th+SyylQZNW8AdEM4Cf XdRhz8TpVjY2IXTqwRw/ =2J5e -----END PGP SIGNATURE-----
Current thread:
- CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Kurt Seifried (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky (May 23)