Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: sthttpd world-redable logdir
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 14:12:52 +0100

Hello,

sthttps[1], a fork of thttpd, a small, fast, multiplexing webserver.
creates its log as world-redable:

# ls -la /var/log/thttpd.log 
-rw-r--r-- 1 thttpd thttpd 0 Feb 22 14:05 /var/log/thttpd.log  

It should be only gentoo-related because the log is created by our own init-
script. Please assign a CVE.


[1]: http://opensource.dyc.edu/sthttpd
-- 
Agostino Sarubbo
Gentoo Linux Developer


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]