Date: Tue, 10 May 2011 16:55:25 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Martin Zobel-Helas <zobel@...ian.org>, 626281@...s.debian.org
Subject: CVE request: keepalived pid file permissions issue

Hey,

it was reported that keepalived (and some other daemons) store their pid
file with permission 666. A bug was opened for keepalived in Debian,
could a CVE be assigned to the issue?

Bug text was:

On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> Package: keepalived
> Version: 1.1.12-1
> Severity: grave
> Tags: security
> 
> Hi,
> 
> keepalived writes a publicly writable pid file to /var/run
> 
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
> 
> Cheers,
> Martin
> 
> 
> reference: http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@...il.com

Thanks,
-- 
Yves-Alexis
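
Added example, not part of the original message and not keepalived's code: a C sketch of a checker for the `-rw-rw-rw-` condition shown in the bug report, next to a naive and a hardened pid file writer. The function names are hypothetical, and the naive writer assumes one common cause (`fopen()` under a umask of 0); the report does not say how keepalived ends up with mode 666.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if path is a regular file with no group/other write bit set. */
int pidfile_mode_ok(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Naive writer (assumed cause): fopen() creates files with 0666 & ~umask,
 * so a daemon running with umask 0 leaves the pid file world-writable. */
int write_pidfile_naive(const char *path, pid_t pid)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fprintf(f, "%d\n", (int)pid);
    return fclose(f);
}

/* Hardened writer: explicit 0644 that does not depend on the process umask. */
int write_pidfile_safe(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%d\n", (int)pid);
    /* Drop any stale entry; O_EXCL then refuses a pre-planted file or symlink. */
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    /* fchmod pins the final mode regardless of how umask altered it. */
    if (fchmod(fd, 0644) != 0 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}
```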
