oss-sec mailing list archives
Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666
From: cve-assign () mitre org
Date: Tue, 17 Dec 2013 20:04:31 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
christian mock <cm () coretec at> has reported[1] that Proc::Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with world-writable permissions. Upstream bugreport is at [2]. [1] http://bugs.debian.org/732283 [2] https://rt.cpan.org/Ticket/Display.html?id=91450 Axel Beckert has commited a patch to the Debian packaging[3] and forwarded it to upstream. [3] http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch Could a CVE be assigend for this issue?
Use CVE-2013-7135. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSsPPCAAoJEKllVAevmvmsDjkH/0ArQqMr437ZRT3i8pvsAP+6 Wc39qGXxcEZCPxSHGv9HdoeGrYBWBwLLWKjtPV+iSKE67BtBV1YS+j1ISI9ST6cz 93dhjxnN2n9VyvXStRTo3nj20wRkbWEyBWN1hUaR3niDb7bd+QqRd7m79MGY6VkG uAkXP5pJacezleLBM1900W3rvppbdU/tCe4Oc5pMSRUZU9V2XWB8Y9yrCOztYVH4 2sojMuUv9kMdeHRM9iskOw1oGPX4GK5eKj0c/unJ1w82zF/56hM5Rw+yqYIY0mcH er0Cl1N7TFPfQEVPhYg2s2kZUVOjA4UuHEWuArY3hv4m8XFC+GlBtkm36/7wfv0= =jG8p -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST () lists debian org with a subject of "unsubscribe". Trouble? Contact listmaster () lists debian org
Current thread:
- Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666 cve-assign (Jan 07)