Date: Mon, 07 Apr 2014 22:00:10 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: Tim Heckman <tim+sec@...erduty.com>, cve-assign@...re.org Subject: Re: CVE request: Icecast world readable log/logdir On Sunday 06 April 2014 20:32:35 Tim Heckman wrote: > Hello Agostino, > > I agree that world-readable log files is a problem and should be fixed. > However, should this be given a CVE? > > Do those log files contain any information that would be considered a > security risk? It's been quite a few years, admittedly, since I've worked > with Icecast so I don't remember if those files contain any information > that could be considered a problem. The access log looks to be very similar to a webserver access log which deserved a cve in the past. -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ