Re: CVE request: monkeyd world-readable logdir

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/26/2013 02:52 AM, Moritz Muehlenhoff wrote:
> On Mon, Feb 25, 2013 at 02:02:00PM -0700, Kurt Seifried wrote:
> > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> >
> > On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:
> > > Monkeyd, a small, fast, and scalable web server, produces, at
> > > least on gentoo a world-readable log.
> > >
> > > # ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0
> > > Feb 24 19:56 /var/log/monkeyd/master.log
> > >
> > > Upstream site: http://www.monkey-project.com/
> >
> > This also doesn't look to be very active/widely used.
>
> This is part of Debian stable, please do assign a CVE ID for proper
> tracking.
>
> Cheers, Moritz

Please use CVE-2013-1771 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRLRvwAAoJEBYNRVNeJnmTKgQQAJzXSyFBVWemJUzvOwSb7BwM
zPLb3l/gxAWimB65e/+KdtENFHeKnRSnVm97WFWPMi8+QZ+fIqtiuGevTbxxB4ts
riWFjb5oo8g02C72QJUI3biXXesd9+5fEqOs/eGypma0Q43iZ+hVyr9wFrhRS5du
1FPV15HTWHWBKlvChgzDILNo0xc7miSO8NrIBqwvDAm4LYybLySAg03jqPILyWWG
CyzVpaSb3RuYfmD/tLNuKzgi2o30mTXBIyqCkINacBEfk6/4vf3N0SxdbTagT9ws
LLnHMwgDfN1tkFH2eKRaACGrNH7ME3fsqFXs1ZhfC4cZoXvcqpn9n5sclKEB3pLp
zYIeEtILRyMLyIiX6Js74kNNhO5+2IXsePuEDV/doiUNiQ2BcV9Z1xb3GzLWDy/8
lWaSlBF6ZI0hznHq+VdTF96dLXVrhY0qlPdKKEuisbO8aZWzYNVgJF8MHu4jSzVq
Bv3NrnBgb8aC1kdGdJIV+0UF5AgN8uC1I1JR5TjwV3oEZZvm5QxuXl5CFw8lVED/
1Uh1wFT0kg1fPc1szEM1n1uIYFQaQ/QRDaTlc4HwEW967xe2wjAuei/wEVxxivhI
d5NiRiRS+lurwicYnNZ8YIm06DKDo6+mcGpHXBvMbU4Bgw5GPIK9J+5IKR7Q1ptc
WJYlgoEdz8LJPyQu3yLq
=4lMW
-----END PGP SIGNATURE-----