oss-sec mailing list archives
CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 06 Aug 2012 13:28:55 -0600
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879

Package: pnp4nagios-bin
Version: 0.6.16-1
Severity: important
Tags: security

Hi.

Marking as severity important as it might have security implications.

process_perfdata.cfg shouldn't be world-readable.
Even though not used per default in Debian, it contains the "KEY" option which may be used (in alternative to "KEY_FILE") to hold the Gearman shared secret.

Cheers,
Chris.

==============================

This affects 0.6 only, 0.4 doesn't support KEYS.

# A shared password which will be used for
# encryption of data pakets. Should be at least 8
# bytes long. Maximum length is 32 characters.
# KEY = should_be_changed

=============================

Please use CVE-2012-3457 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
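
An added example, not part of the original message and not pnp4nagios code: a Python audit for the condition reported above, flagging a process_perfdata.cfg that is readable by "other" and saying whether it carries an active KEY, then checking the KEY_FILE target the same way. The config path is supplied by the caller, and the NAME = value syntax with # comments is an assumption taken from the excerpt quoted in the message.

```python
import stat
import tempfile
from pathlib import Path


def parse_options(text):
    """Return active (uncommented) NAME = value options from cfg text."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        opts[name.strip()] = value.strip()
    return opts


def other_readable(path):
    """True if the 'other' read bit is set on path."""
    return bool(stat.S_IMODE(Path(path).stat().st_mode) & stat.S_IROTH)


def audit(cfg_path):
    """Return a list of findings for one process_perfdata.cfg file."""
    findings = []
    opts = parse_options(Path(cfg_path).read_text(errors="replace"))
    if other_readable(cfg_path):
        detail = "holds an active KEY" if opts.get("KEY") else "has no active KEY"
        findings.append(f"config is world-readable and {detail}")
    key_file = opts.get("KEY_FILE")
    if key_file and Path(key_file).exists() and other_readable(key_file):
        findings.append("KEY_FILE target is world-readable")
    return findings


def demo():
    """Constructed sample: the same content audited at mode 0644, then 0640."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "process_perfdata.cfg"
        cfg.write_text("# constructed sample value\nKEY = example-secret-1234\n")
        cfg.chmod(0o644)
        before = audit(cfg)
        cfg.chmod(0o640)
        after = audit(cfg)
    return before, after


if __name__ == "__main__":
    print(demo())
```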