Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: nginx world-readable logdir
From: Henri Salo <henri () nerv fi>
Date: Thu, 21 Feb 2013 20:17:07 +0200

On Thu, Feb 21, 2013 at 06:50:14PM +0100, Agostino Sarubbo wrote:
Hello,

I just noticed my nginx logdir and its content are world-readable:

drwxr-xr-x  2 root root  4096 Jan 10 00:11 .
drwxr-xr-x 16 root root  4096 Feb 21 17:46 ..
-rw-r--r--  1 root root 69415 Feb 21 17:46 error_log
-rw-r--r--  1 root root 93017 Feb 18 22:03 localhost.access_log
-rw-r--r--  1 root root 86227 Feb 18 22:03 localhost.error_log

What do you think about?

-- 
Agostino Sarubbo / ago -at- gentoo.org
Gentoo Linux Developer

Also affects Debian squeeze package. I will report a bug. Can we get a CVE
assigned for this issue, thank you.

--
Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault