oss-sec mailing list archives
Re: CVE request: varnish world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Feb 2013 22:47:26 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/22/2013 05:55 AM, Agostino Sarubbo wrote:
Hello, varnish[1], an high-performance HTTP accelerator, has a world-readable log/logdir. Please assign a CVE # ls -la /var/log/varnish/ total 8 drwxr-xr-x 2 root root 4096 Feb 22 13:48 . drwxr-xr-x 8 root root 4096 Feb 22 13:50 .. -rw-r--r-- 1 root root 0 Feb 22 13:48 access.log [1]: https://www.varnish-cache.org/
Please use CVE-2013-0345 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRKFfuAAoJEBYNRVNeJnmTpYEQALqOoWSvDZmyKWrqLG6vdcJY DZU9wYdpq/u8Dy7x2Q2EMRNorb7VzTtmWMWyjPyoYgN0le1IL/Eer7rfJK9Zzfnw /siLFkyt1TzZ3vvcBmDkCf2QyMpjKC4n1W3WczRhM2z7b8qfOZRTu+1Y2JaNoZTm azDT4Fb3W4rmQ5y7Yi9sUxEmMCxBrMor74nqk1lgjhDQ8NoG5CaEfdjtu9/P+8Vo QtdywuLb3M7vGL+W1ZnzyszVbs4do2tJL1bHeqH4FWcvbwqzGuYOGZjoelx+XOh3 FUUsxbXLvQgGAYDvWy84gN7evguAn5z6fX8RSyXoOR7lUP0/LR6SeQmB3gORDJ+e 5ilxPjUYjqrgv0e9Ik0csvxGoBuXSNW6B1S1B1uxM+22gW4WyhOlIu6qZTrjGnJk l27dMwCDkV5/YUbIn6LzwF7i1RZZUKU4wTq9D+JeahzK4xFLKb9BWJhMM4Zdyk/z doK/AfglZvxelGW9WlsAF6zFfVnlBIaiI34n/cMPnKFfxxUTBzeI2b7PTVnJY3EC IUJHK5T2YQX6oUuhbmI8i4GjdZ0RaKeb3dBS51/djx+3jwSRqzdFoglGZcnWGhC5 qftZ7bmL83GGVgMEZxGuNZQMQiKdY7J6pZ4QqXrbh9hU1B5hBHnOh8YAxKuPG1nh DuWPoKMtkf4dLiAg6VCn =DWGc -----END PGP SIGNATURE-----
Current thread:
- CVE request: varnish world-readable logdir Agostino Sarubbo (Feb 22)
- Re: CVE request: varnish world-readable logdir Kurt Seifried (Feb 22)