Date: Mon, 16 May 2011 15:37:13 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Martin Zobel-Helas <zobel@...ian.org>, 626281@...s.debian.org, coley <coley@...re.org>
Subject: Re: CVE request: keepalived pid file permissions issue

Please use CVE-2011-1784 for this.

Thanks.

--
JB

----- Original Message -----
> Hey,
>
> it was reported that keepalived (and some other daemons) store their pid
> file with permission 666. A bug was opened for keepalived in Debian,
> could a CVE be assigned to the issue?
>
> Bug text was:
>
> On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> > Package: keepalived
> > Version: 1.1.12-1
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > keepalive writes a public writeable pid file to /var/run
> >
> > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
> >
> > Cheers,
> > Martin
> >
> >
> > reference:
> > http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@gmail.com
>
> Thanks,
> --
> Yves-Alexis
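
A check for the condition reported above, as an added example that is not part of the original thread: it lists pid files under a directory that group or others can write, and can strip those bits. The function names are hypothetical, GNU `stat` is assumed, and `/var/run` is the default only because that is where the report found the file.

```shell
#!/bin/sh
# Added example (not from the thread): audit pid file permissions.
# Assumptions: GNU stat (-c); function names are illustrative.

# Print the path of every regular *.pid file under $1 (default /var/run)
# that has the group-write (0020) or other-write (0002) bit set.
find_writable_pidfiles() {
    find "${1:-/var/run}" -xdev -type f -name '*.pid' \
        \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# Print "MODE OWNER:GROUP PATH" for each finding. Returns 1 if anything
# was found and 0 if the directory is clean, so it can gate cron or CI.
audit_pidfiles() {
    findings=$(find_writable_pidfiles "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while IFS= read -r f; do
        stat -c '%A %U:%G %n' "$f"
    done
    return 1
}

# Remove group/other write from each finding, leaving at most rw-r--r--.
fix_pidfiles() {
    find_writable_pidfiles "$1" | while IFS= read -r f; do
        chmod go-w "$f"
    done
}
```

Run `audit_pidfiles /var/run` to report, and `fix_pidfiles /var/run` as root to tighten existing files; the daemon will recreate the file with its own mode on restart unless the packaged fix is installed.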