oss-sec mailing list archives
Re: CVE request: skunkweb world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Feb 2013 14:00:22 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/24/2013 11:45 AM, Agostino Sarubbo wrote:
skunkweb, a robust Python web application server, produces a world-readable log. # ls -la /var/log/skunkweb/sw.log -rw-r--r-- 1 skunkweb skunkweb 4529 Feb 24 19:41 /var/log/skunkweb/sw.log The development seems dead. Upstream site: http://skunkweb.sourceforge.net/
This is not maintained/used much, not assigning a CVE for now. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRK9DmAAoJEBYNRVNeJnmTOo0P/RjyKdNoYacl23sSapKWCumQ i0TwRj0A9q2jcJJ4xKiKrMmfqhL7OAZuvyWz1Pm3KuzQdxhZ3Sne1rRy4501Bp+4 TkREQOv50SByHEdozarM3Z5Nos5ysknW4yJIJtCHCFatAxPt0Ksizd+LLeQf7ic7 wSOOzFJPxkRORlTU118+iO+CwWUokuPGxPLiYBFTNtWYCRb+GUH+CdsP+qq64dHa aWhFouUaCvl+M4uwkSwEAzhe1d4L7BpiRmffJVZKW+ELRkcEyXh1lq848Y8qhBOX st59h+SJ9NIXrsvO6CSFcHmM2Xk1+sqGLBIZybWUJmn740HVlrE1UdruGE3XUlG1 q3oDBLkUuMb9G0OnsnQjxBzgFRIAemOa7Muv2Lpa7O9PNKJAzcare1Kh+tKfqFrM QocRESKgXmssg+I+bo8/qOTRNTvnFO2mvogZVqunqFgVOQto3xxq0f8xCVbQh20+ FASnNx59qcEnmPSrxCKfU/Q2WbiF0A48Oobm+8W1zs/6duiqaX0twswSYcmFMcOE HWonorW8JqMQ6dRbjahcOI9Xo6Gr25yFQN511XcUvukz6kX1SdERo4fMPVup6YKZ kouTdcyjSNGgHCnCJZ71/ywaSsos3oTdPC6IaWEevC9vzPrwyevN+4cKoFOOSiT2 XwMMxurOOpzoFEAfMxx2 =as7y -----END PGP SIGNATURE-----
Current thread:
- CVE request: skunkweb world-readable logdir Agostino Sarubbo (Feb 24)
- Re: CVE request: skunkweb world-readable logdir Kurt Seifried (Feb 25)