Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Feb 2013 13:55:51 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: varnish world-readable logdir

Hello, varnish[1], an high-performance HTTP accelerator, has a world-readable 
log/logdir. Please assign a CVE


# ls -la /var/log/varnish/    
total 8                                                                                                                                                                             
drwxr-xr-x 2 root root 4096 Feb 22 13:48 .                                                                                                                                          
drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..                                                                                                                                         
-rw-r--r-- 1 root root    0 Feb 22 13:48 access.log   


[1]: https://www.varnish-cache.org/

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.