oss-sec mailing list archives

Re: CVE request: skunkweb world-readable logdir

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Feb 2013 14:00:22 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/24/2013 11:45 AM, Agostino Sarubbo wrote:

skunkweb, a robust Python web application server, produces a
world-readable log.

# ls -la /var/log/skunkweb/sw.log -rw-r--r-- 1 skunkweb skunkweb
4529 Feb 24 19:41 /var/log/skunkweb/sw.log

The development seems dead. Upstream site:
http://skunkweb.sourceforge.net/


This is not maintained/used much, not assigning a CVE for now.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9DmAAoJEBYNRVNeJnmTOo0P/RjyKdNoYacl23sSapKWCumQ
i0TwRj0A9q2jcJJ4xKiKrMmfqhL7OAZuvyWz1Pm3KuzQdxhZ3Sne1rRy4501Bp+4
TkREQOv50SByHEdozarM3Z5Nos5ysknW4yJIJtCHCFatAxPt0Ksizd+LLeQf7ic7
wSOOzFJPxkRORlTU118+iO+CwWUokuPGxPLiYBFTNtWYCRb+GUH+CdsP+qq64dHa
aWhFouUaCvl+M4uwkSwEAzhe1d4L7BpiRmffJVZKW+ELRkcEyXh1lq848Y8qhBOX
st59h+SJ9NIXrsvO6CSFcHmM2Xk1+sqGLBIZybWUJmn740HVlrE1UdruGE3XUlG1
q3oDBLkUuMb9G0OnsnQjxBzgFRIAemOa7Muv2Lpa7O9PNKJAzcare1Kh+tKfqFrM
QocRESKgXmssg+I+bo8/qOTRNTvnFO2mvogZVqunqFgVOQto3xxq0f8xCVbQh20+
FASnNx59qcEnmPSrxCKfU/Q2WbiF0A48Oobm+8W1zs/6duiqaX0twswSYcmFMcOE
HWonorW8JqMQ6dRbjahcOI9Xo6Gr25yFQN511XcUvukz6kX1SdERo4fMPVup6YKZ
kouTdcyjSNGgHCnCJZ71/ywaSsos3oTdPC6IaWEevC9vzPrwyevN+4cKoFOOSiT2
XwMMxurOOpzoFEAfMxx2
=as7y
-----END PGP SIGNATURE-----

Current thread:

CVE request: skunkweb world-readable logdir Agostino Sarubbo (Feb 24)
- Re: CVE request: skunkweb world-readable logdir Kurt Seifried (Feb 25)