oss-sec mailing list archives

Re: CVE request: monkeyd world-readable logdir


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Feb 2013 14:02:00 -0700

On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:
> Monkeyd, a small, fast, and scalable web server, produces, at least
> on Gentoo, a world-readable log.
>
> # ls /var/log/monkeyd/master.log -la
> -rw-r--r-- 1 root root 0 Feb 24 19:56 /var/log/monkeyd/master.log
>
> Upstream site: http://www.monkey-project.com/


This also doesn't look to be very active/widely used.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
