Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 06 Apr 2014 19:32:41 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: Icecast world readable log/logdir

I just noticed that (at least on gentoo), the following package produces a 
world readable log:

Icecast (http://www.icecast.org):
# ls -la /var/log/icecast 
total 18648
drwxrw-r--  2 icecast nogroup     4096 Apr  6 12:23 .
drwxr-xr-x 15 root    root        4096 Apr  5 04:20 ..
-rw-r--r--  1 icecast nogroup  5646894 Apr  6 19:27 access.log
-rw-r--r--  1 icecast nogroup  3181987 Apr  6 19:27 error.log
-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ