Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: monkeyd world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Feb 2013 13:32:48 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/26/2013 02:52 AM, Moritz Muehlenhoff wrote:
On Mon, Feb 25, 2013 at 02:02:00PM -0700, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:
Monkeyd, a small, fast, and scalable web server, produces, at
least on gentoo a world-readable log.

# ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0
Feb 24 19:56 /var/log/monkeyd/master.log

Upstream site: http://www.monkey-project.com/


This also doesn't look to be very active/widely used.

This is part of Debian stable, please do assign a CVE ID for proper
tracking.

Cheers, Moritz


Please use CVE-2013-1771 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRLRvwAAoJEBYNRVNeJnmTKgQQAJzXSyFBVWemJUzvOwSb7BwM
zPLb3l/gxAWimB65e/+KdtENFHeKnRSnVm97WFWPMi8+QZ+fIqtiuGevTbxxB4ts
riWFjb5oo8g02C72QJUI3biXXesd9+5fEqOs/eGypma0Q43iZ+hVyr9wFrhRS5du
1FPV15HTWHWBKlvChgzDILNo0xc7miSO8NrIBqwvDAm4LYybLySAg03jqPILyWWG
CyzVpaSb3RuYfmD/tLNuKzgi2o30mTXBIyqCkINacBEfk6/4vf3N0SxdbTagT9ws
LLnHMwgDfN1tkFH2eKRaACGrNH7ME3fsqFXs1ZhfC4cZoXvcqpn9n5sclKEB3pLp
zYIeEtILRyMLyIiX6Js74kNNhO5+2IXsePuEDV/doiUNiQ2BcV9Z1xb3GzLWDy/8
lWaSlBF6ZI0hznHq+VdTF96dLXVrhY0qlPdKKEuisbO8aZWzYNVgJF8MHu4jSzVq
Bv3NrnBgb8aC1kdGdJIV+0UF5AgN8uC1I1JR5TjwV3oEZZvm5QxuXl5CFw8lVED/
1Uh1wFT0kg1fPc1szEM1n1uIYFQaQ/QRDaTlc4HwEW967xe2wjAuei/wEVxxivhI
d5NiRiRS+lurwicYnNZ8YIm06DKDo6+mcGpHXBvMbU4Bgw5GPIK9J+5IKR7Q1ptc
WJYlgoEdz8LJPyQu3yLq
=4lMW
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]