oss-sec mailing list archives
Re: CVE request: webfs world-readable log
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 14:09:44 +0100
On Friday 22 February 2013 14:04:54 you wrote:
Hello, webfs[1], a Lightweight HTTP server for static content creates its log with world-readable permission: # ls /var/log/webfsd.log -la -rw-r--r-- 1 root root 0 Feb 22 14:02 /var/log/webfsd.log Please assign a CVE.
I forgot to mention the upstream website, http://linux.bytesex.org/misc/webfs.html and I forgot to mention that it should be gentoo-related because the logfile is created by our own init script. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)
- Re: CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)
- Re: Re: CVE request: webfs world-readable log Kurt Seifried (Feb 22)
- Re: CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)