Date: Wed, 23 May 2012 11:59:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request(?): hostapd: improper file permissions
 of hostapd's config leaks credentials

On 05/23/2012 02:21 AM, Matthias Weckbecker wrote:
> Hi Kurt, Hi vendors,
> 
> not too critical in my opinion, but I think it is still worth at
> least mentioning briefly, as other distros such as Fedora 16 were
> affected too:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=740964

Please use CVE-2012-2389 for this issue.

> I'm not sure whether this issue should get a CVE, but in the past
> similar vulnerabilities got a CVE (e.g. CVE-2012-0863).

Indeed they have; my all-time favourite example of this kind of flaw
is CVE-2002-0849 =).

> 
> Thanks, Matthias
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

