Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: monkeyd world-readable logdir
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 26 Feb 2013 10:52:49 +0100

On Mon, Feb 25, 2013 at 02:02:00PM -0700, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:
Monkeyd, a small, fast, and scalable web server, produces, at least
on gentoo a world-readable log.

# ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0 Feb
24 19:56 /var/log/monkeyd/master.log

Upstream site: http://www.monkey-project.com/


This also doesn't look to be very active/widely used.

This is part of Debian stable, please do assign a CVE ID for proper tracking.

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault