Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Apr 2014 23:05:42 -0400
From: Ben Corman <ben@...man.io>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Icecast world readable log/logdir

This seems to be the behavior on Ubuntu 12.04 as well.

$ ls -al /var/log/icecast2/
total 1044
drwxr-xr-x  2 icecast2 icecast   4096 Apr  6 06:53 .
drwxr-xr-x 12 root     root      4096 Apr  7 06:30 ..
-rw-r--r--  1 icecast2 icecast 135830 Apr  7 22:59 access.log
-rw-r--r--  1 icecast2 icecast 339901 Apr  7 22:59 error.log

On Apr 6, 2014, at 1:32 PM, Agostino Sarubbo <ago@...too.org> wrote:

> I just noticed that (at least on gentoo), the following package produces a 
> world readable log:
> 
> Icecast (http://www.icecast.org):
> # ls -la /var/log/icecast 
> total 18648
> drwxrw-r--  2 icecast nogroup     4096 Apr  6 12:23 .
> drwxr-xr-x 15 root    root        4096 Apr  5 04:20 ..
> -rw-r--r--  1 icecast nogroup  5646894 Apr  6 19:27 access.log
> -rw-r--r--  1 icecast nogroup  3181987 Apr  6 19:27 error.log
> -- 
> Agostino Sarubbo
> Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ