
List:       oss-security
Subject:    Re: [oss-security] CVE request: sthttpd world-readable logdir
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-02-23 5:48:22
Message-ID: 51285826.2050806 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/22/2013 06:12 AM, Agostino Sarubbo wrote:
> Hello,
> 
> sthttpd[1], a fork of thttpd, a small, fast, multiplexing
> webserver, creates its log as world-readable:
> 
> # ls -la /var/log/thttpd.log
> -rw-r--r-- 1 thttpd thttpd 0 Feb 22 14:05 /var/log/thttpd.log
> 
> It should be only Gentoo-related because the log is created by our
> own init script. Please assign a CVE.
> 
> 
> [1]: http://opensource.dyc.edu/sthttpd

Please use CVE-2013-0348 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
