oss-sec mailing list archives
Re: CVE request: sthttpd world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Feb 2013 22:48:22 -0700
On 02/22/2013 06:12 AM, Agostino Sarubbo wrote:
> Hello,
>
> sthttpd[1], a fork of thttpd, a small, fast, multiplexing webserver,
> creates its log as world-readable:
>
> # ls -la /var/log/thttpd.log
> -rw-r--r-- 1 thttpd thttpd 0 Feb 22 14:05 /var/log/thttpd.log
>
> It should be only Gentoo-related because the log is created by our own
> init-script.
>
> Please assign a CVE.
>
> [1]: http://opensource.dyc.edu/sthttpd

Please use CVE-2013-0348 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
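The issue reported above, a log file created by an init script with mode 0644, shown as an added example that is not part of the original posts and is not the Gentoo init script. The function names are hypothetical, and the umask of 022 in the weak variant is an assumption about how the file came to be world-readable.

```shell
#!/bin/sh
# Constructed example; function names are hypothetical.

# Return 0 if the "other" read bit is set on $1, judged from the same
# ls mode string the report quotes (-rw-r--r--): character 8 is other-read.
is_world_readable() {
    mode=$(ls -ld -- "$1") || return 2
    case "$mode" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Weak pattern (assumed): the log is created under a umask of 022,
# so it ends up 0644 and every local user can read the request log.
create_log_weak() {
    ( umask 022; : > "$1" )
}

# Hardened pattern: create the file under a restrictive umask, then set
# the mode explicitly so an already existing 0644 log is tightened too.
create_log_hardened() {
    ( umask 027; : >> "$1" ) && chmod 0640 -- "$1"
}

# Print each argument that is world-readable; return 1 if any was found.
audit_logs() {
    rc=0
    for f in "$@"; do
        if is_world_readable "$f"; then
            echo "world-readable: $f"
            rc=1
        fi
    done
    return $rc
}
```

In a real init script the hardened variant would also set the owner and group to the daemon's account, which requires root and is left out here.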