Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Feb 2013 14:02:00 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: monkeyd world-readable logdir

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/24/2013 12:00 PM, Agostino Sarubbo wrote:
> Monkeyd, a small, fast, and scalable web server, produces, at least
> on gentoo a world-readable log.
> 
> # ls /var/log/monkeyd/master.log -la -rw-r--r-- 1 root root 0 Feb
> 24 19:56 /var/log/monkeyd/master.log
> 
> Upstream site: http://www.monkey-project.com/
> 

This also doesn't look to be very active/widely used.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9FIAAoJEBYNRVNeJnmTje0QAJ4xJB1qwVL1gWIHCS6HxZHp
7+GMwU7QeTYtmRVMmtbdAW38A55FylDGHO6LTNQP5CX+4sZgA8taLRrhCMTcTgzu
zvLNp4BeIIqtDwRD2QXIOII8xUastL4w5/X25zWFFbmMBOlQHy0SXwFqIOgzbdnO
bLBw6wJB6EkFY5X+oFcQtvnjT6VmQXEX2v4hTJR0Nl3x1AUD3A6+99V9XVgIsBKJ
MvkeGa59WIO9WXwMWpJNH5FqNL8KIqPBnqaKGcAgUFVMGb1grIcfb4wGXBI8L8ak
jP6NesjI/IAfsTYcgggHP8R1NFc3+nGtdW4nwwAZTg/85x6zMwh6egEwbfLIXc7B
MmiJCb1B6YneNjW5bI1bw0yUzKG7lEtnjZBcmjKRvFKDaUpGOd9bsuLfM4zx6Rpa
18qeNrr5vwql3NOMY+8JRw4/1mSL4y8Bb4G7j+dCxQY/t9sNF3x7LgYLWUmD76Yk
fgSjbIuO78ERdZcROgy0tgQrKvGT09/DTj9quMg4koGXgsoWek9nF4AMjQ2jKUWp
okEqfvOodcla5QfWk40JGWVksWh/pQf1JaTY1hG3vS8aon2Q/bjEBSniRxPp5QI5
TDgpjWzcya6wTGN8SKtXlskNjvGGXQvP5M4mCAwLnJ/HDPfZdHmScxGBtoZYd/v9
5JgoBdLcyLQ1Gn6kJz63
=9TG5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.