oss-sec mailing list archives
CVE request: psi+ stores the cache file as world-readable
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 26 Feb 2013 23:04:24 +0100
Psi+, a fork of psi, stores its files in ~/.cache/psi+ as world-readable.

~/.cache $ ls -la psi+/
total 52
drwxr-xr-x 5 ago ago  4096 feb 25 09:41 .
drwx------ 5 ago ago  4096 feb 24 23:58 ..
drwxr-xr-x 2 ago ago  4096 feb 25 09:41 avatars
drwxr-xr-x 2 ago ago  4096 feb 25 09:33 bob
-rw-r--r-- 1 ago ago 32610 feb 25 09:41 caps.xml
drwxr-xr-x 3 ago ago  4096 feb 24 23:58 profiles

An unauthorized user could read sensitive information in such dir.
Probably psi is affected as well.

--
Agostino Sarubbo
Gentoo Linux Developer
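
An added example, not part of the original post or of Psi+: a permission audit for a cache tree like the one listed above. It reports entries with the other-read bit set, reports separately whether a directory above the tree lacks other-execute (as the `..` entry in the listing does), and clears group/other bits. The function names are hypothetical and the sample tree is constructed from the modes in the listing.

```python
import os
import stat
import tempfile

def entries(root):
    """root itself plus everything below it (os.walk does not follow symlinks)."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    return paths

def world_readable(root):
    """Sorted (relative path, mode string) for entries with the other-read bit set."""
    modes = ((p, os.lstat(p).st_mode) for p in entries(root))
    return sorted((os.path.relpath(p, root), stat.filemode(m))
                  for p, m in modes if not stat.S_ISLNK(m) and m & stat.S_IROTH)

def blocking_ancestor(root, stop):
    """First directory above root, up to stop, lacking other-execute (search); else None."""
    path, stop = os.path.dirname(os.path.abspath(root)), os.path.abspath(stop)
    while True:
        if not os.stat(path).st_mode & stat.S_IXOTH:
            return path
        if path in (stop, os.path.dirname(path)):
            return None
        path = os.path.dirname(path)

def tighten(root):
    """Clear every group/other bit on root and everything below it."""
    for p in entries(root):
        if not os.path.islink(p):
            os.chmod(p, stat.S_IMODE(os.lstat(p).st_mode) & 0o700)

def build_sample():
    """Constructed copy of the listing: 0700 parent, 0755 psi+ tree, 0644 caps.xml."""
    cache = tempfile.mkdtemp()  # stands in for ~/.cache; mkdtemp creates it 0700
    psi = os.path.join(cache, "psi+")
    for d in (psi, *(os.path.join(psi, n) for n in ("avatars", "bob", "profiles"))):
        os.mkdir(d)
        os.chmod(d, 0o755)
    caps = os.path.join(psi, "caps.xml")
    open(caps, "w").close()
    os.chmod(caps, 0o644)
    return cache, psi

if __name__ == "__main__":
    cache, psi = build_sample()
    print(world_readable(psi), "blocked by:", blocking_ancestor(psi, cache))
```

The audit reads mode bits only, so ACLs and mount options are outside what it reports.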