oss-sec mailing list archives

CVE request: keepalived pid file permissions issue


From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 10 May 2011 16:55:25 +0200

Hey,

it was reported that keepalived (and some other daemons) store their pid
file with permission 666. A bug was opened for keepalived in Debian,
could a CVE be assigned to the issue?

Bug text was:

On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security

Hi,

keepalive writes a public writeable pid file to /var/run

-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid

Cheers,
Martin


reference: http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11 () gmail com

Thanks,
-- 
Yves-Alexis
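
An added example, not part of the original message and not keepalived's code: a C check that flags a pid file with the kind of permissions reported above, next to a writer that pins the mode explicitly. The function names and the choice of 0644 as the target mode are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Audit: 1 if the pid file is writable by group/others (or is not a
 * regular file, e.g. a symlink), 0 if its mode is tight, -1 if lstat fails. */
int pidfile_is_loose(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return 1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

/* Hardened writer: final mode is 0644 whatever umask the daemon runs with. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int len, fd;

    unlink(path);                       /* drop a stale file from a previous run */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644); /* O_EXCL: never reuse or follow */
    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    /* open()'s mode is filtered by umask, so set the bits explicitly too */
    if (fchmod(fd, 0644) != 0 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

int main(int argc, char **argv)
{
    /* Report on each pid file named on the command line */
    for (int i = 1; i < argc; i++) {
        int r = pidfile_is_loose(argv[i]);
        printf("%s: %s\n", argv[i], r == 1 ? "writable by group/others" :
                                    r == 0 ? "ok" : "cannot stat");
    }
    return 0;
}
```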