Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 23 May 2012 11:59:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request(?): hostapd: improper file permissions
 of hostapd's config leaks credentials

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/23/2012 02:21 AM, Matthias Weckbecker wrote:
> Hi Kurt, Hi vendors,
> 
> not too critical in my opinion, but I think still worth to be at
> least mentioned briefly as other distros such as Fedora 16 were
> affected too:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=740964

Please use CVE-2012-2389 for this issue.

> I'm not sure whether this issue should get a CVE, but in the past
> similar vulnerabilities got a CVE (e.g. CVE-2012-0863).

Indeed they have, my all time favourite example of this kind of flaw
is CVE-2002-0849 =).

> 
> Thanks, Matthias
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvSWeAAoJEBYNRVNeJnmTswEQAN4cL2LE+aZQFcP4qbQCLVx4
J7k22Qmt1RZvRt8oMTMOx/uYnVi60ZsxU4JxU+MuzFJadIQ2nfjk3wG6sXAvQ3FH
2VZf0aB8NchhGikIBw7u4imp6zC6Wx5UaREEWp2F3KToCCWbZv8jUg9eZGKryiqE
fzZmfAVNlgBjuSRJ1Pt3ictxkbuwfSINddSj3UZeZiZ5WcmcTxh8ZeurMm+PwxDB
GE3gsQ1vVuNROq2lKc0yl6d+syEPFRJKFd2eqQTwRTYYfZbNgwDyG3zzp6UL8zgb
02quSIarL0idEQ8R6IVf7OdK4KZAehEQgWgUJ48GaWv+cAEbqaTc6IYCjHx+/KlZ
mwrNJS8bB5kE3o21otDimi+vkEdaOF05MYPqa29tlkvFB3Uq04AJyz0BLlMHMd/3
FuWuPzBjFNqy8K4AllCxnz5Lcuz1Ppv6Qyu3oEBTVyZsMhHvDOc79hIMVZ3E3ZNK
RgBROYqx+7TE0yAEJaTmsTIy0q42aVB4q9sxo4fMoBE35HGVfK480Ct8wZc5ejV5
+8ZVCaH3AmbPkK3eh9/mms1RyLdQKl8ONJY9Y/BTgUUZD+CUqyWb3Wnyt5qJI4pN
yS/UrVRZp1ICU8/En55DzOfDtTbF0FQmeN3ANQUszqJF8th+SyylQZNW8AdEM4Cf
XdRhz8TpVjY2IXTqwRw/
=2J5e
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.