Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Feb 2013 13:55:51 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: varnish world-readable logdir

Hello, varnish[1], an high-performance HTTP accelerator, has a world-readable 
log/logdir. Please assign a CVE


# ls -la /var/log/varnish/    
total 8                                                                                                                                                                             
drwxr-xr-x 2 root root 4096 Feb 22 13:48 .                                                                                                                                          
drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..                                                                                                                                         
-rw-r--r-- 1 root root    0 Feb 22 13:48 access.log   


[1]: https://www.varnish-cache.org/

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ