oss-sec mailing list archives

CVE request: sthttpd world-readable logdir


From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 14:12:52 +0100

Hello,

sthttpd[1], a fork of thttpd, a small, fast, multiplexing webserver,
creates its log as world-readable:

# ls -la /var/log/thttpd.log 
-rw-r--r-- 1 thttpd thttpd 0 Feb 22 14:05 /var/log/thttpd.log  

It should be only Gentoo-related because the log is created by our own
init-script. Please assign a CVE.


[1]: http://opensource.dyc.edu/sthttpd
-- 
Agostino Sarubbo
Gentoo Linux Developer
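
The permission problem reported above, as an added example that is not part of the original message and is not the Gentoo init script: a log file created under the common default umask 022 beside a hardened creation step, plus a check for the o+r bit. Function names and paths are hypothetical; setting the owner (thttpd:thttpd in the listing above) needs root and is left out.

```shell
#!/bin/sh
# Added example, not the Gentoo init script. All names here are hypothetical.

# Succeeds if "others" have read permission on $1
# (the last r in -rw-r--r-- from the listing in the report).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Weak: creating the log under umask 022 yields mode 0644.
create_log_weak() {
    ( umask 022; : > "$1" )
}

# Hardened: set a restrictive umask before creation so the file is never
# world-readable, not even briefly, then pin the mode in case the file
# already existed (umask does not change an existing file's mode).
# Assumption: an init script would also chown the file to the daemon user.
create_log_hardened() {
    ( umask 027; : >> "$1" ) && chmod 0640 "$1"
}

# Audit: print every regular file under log directory $1 that has o+r set.
audit_logdir() {
    find "$1" -type f -perm -004 -print
}

# Constructed demonstration in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    create_log_weak "$d/thttpd.log"
    echo "after weak creation:";     audit_logdir "$d"
    create_log_hardened "$d/thttpd.log"
    echo "after hardened creation:"; audit_logdir "$d"
    rm -rf "$d"
}
demo
```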

