oss-sec mailing list archives

Re: CVE request: keepalived pid file permissions issue

From: Josh Bressers <bressers () redhat com>
Date: Mon, 16 May 2011 15:37:13 -0400 (EDT)

Please use CVE-2011-1784 for this.

Thanks.

-- 
    JB

----- Original Message -----

Hey,

it was reported that keepalived (and some other daemons) store their
pid
file with permission 666. A bug was opened for keepalived in Debian,
could a CVE be assigned to the issue?

Bug text was:

On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:

Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security

Hi,

keepalive writes a public writeable pid file to /var/run

-rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid

Cheers,
Martin


reference:
http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11 () gmail com


Thanks,
--
Yves-Alexis

Current thread:

CVE request: keepalived pid file permissions issue Yves-Alexis Perez (May 10)
- Re: CVE request: keepalived pid file permissions issue Josh Bressers (May 16)