![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE request: nginx world-readable logdir
From: Henri Salo <henri () nerv fi>
Date: Thu, 21 Feb 2013 20:17:07 +0200
On Thu, Feb 21, 2013 at 06:50:14PM +0100, Agostino Sarubbo wrote:
Hello, I just noticed my nginx logdir and its content are world-readable: drwxr-xr-x 2 root root 4096 Jan 10 00:11 . drwxr-xr-x 16 root root 4096 Feb 21 17:46 .. -rw-r--r-- 1 root root 69415 Feb 21 17:46 error_log -rw-r--r-- 1 root root 93017 Feb 18 22:03 localhost.access_log -rw-r--r-- 1 root root 86227 Feb 18 22:03 localhost.error_log What do you think about? -- Agostino Sarubbo / ago -at- gentoo.org Gentoo Linux Developer
Also affects Debian squeeze package. I will report a bug. Can we get a CVE assigned for this issue, thank you. -- Henri Salo
Current thread:
- nginx world-readable logdir Agostino Sarubbo (Feb 21)
- Re: nginx world-readable logdir Henri Salo (Feb 21)
- CVE request: nginx world-readable logdir Henri Salo (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
- Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: nginx world-readable logdir gremlin (Feb 22)
- Re: nginx world-readable logdir Kurt Seifried (Feb 22)
- Re: nginx world-readable logdir Henri Salo (Feb 22)
- Re: nginx world-readable logdir gremlin (Feb 22)