oss-sec mailing list archives
Re: CVE request: monkeyd world-readable logdir
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 26 Feb 2013 10:52:49 +0100
On Mon, Feb 25, 2013 at 02:02:00PM -0700, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:Monkeyd, a small, fast, and scalable web server, produces, at least on gentoo a world-readable log. # ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0 Feb 24 19:56 /var/log/monkeyd/master.log Upstream site: http://www.monkey-project.com/This also doesn't look to be very active/widely used.
This is part of Debian stable, please do assign a CVE ID for proper tracking.
Cheers,
Moritz
Current thread:
- CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 24)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)
- Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 26)
- Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)