oss-sec mailing list archives
CVE request: sthttpd world-redable logdir
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 14:12:52 +0100
Hello, sthttps[1], a fork of thttpd, a small, fast, multiplexing webserver. creates its log as world-redable: # ls -la /var/log/thttpd.log -rw-r--r-- 1 thttpd thttpd 0 Feb 22 14:05 /var/log/thttpd.log It should be only gentoo-related because the log is created by our own init- script. Please assign a CVE. [1]: http://opensource.dyc.edu/sthttpd -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: sthttpd world-redable logdir Agostino Sarubbo (Feb 22)
- Re: CVE request: sthttpd world-redable logdir Kurt Seifried (Feb 22)