oss-sec mailing list archives
RE: CVE request: nullmailer world readable /etc/nullmailer/remotes
From: "Christey, Steven M." <coley () mitre org>
Date: Fri, 9 Aug 2013 17:16:58 +0000
Agostino, Out of curiosity, what types of sensitive information are contained in this file that cause world-readable permissions to pose a vulnerability? - Steve
-----Original Message----- From: Agostino Sarubbo [mailto:ago () gentoo org] Sent: Friday, August 09, 2013 1:15 PM To: oss-security () lists openwall com Subject: [oss-security] CVE request: nullmailer world readable /etc/nullmailer/remotes Hello, On Gentoo, the file /etc/nullmailer/remotes is installed with wrong permissions: ~ # ls -la /etc/nullmailer/remotes -rw-r--r-- 1 root root 971 Aug 9 18:58 /etc/nullmailer/remotes Nullmailer-1.11-r2 contains the fix, all prior versions are affected. Please assign a CVE. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: nullmailer world readable /etc/nullmailer/remotes Agostino Sarubbo (Aug 09)
- RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Kurt Seifried (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Evan Teitelman (Aug 09)
- RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)