Date: Mon, 16 May 2011 15:37:13 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Martin Zobel-Helas <zobel@...ian.org>, 626281@...s.debian.org,
        coley <coley@...re.org>
Subject: Re: CVE request: keepalived pid file permissions issue

Please use CVE-2011-1784 for this.

Thanks.

-- 
    JB

----- Original Message -----
> Hey,
> 
> it was reported that keepalived (and some other daemons) store their pid
> file with permission 666. A bug was opened for keepalived in Debian,
> could a CVE be assigned to the issue?
> 
> Bug text was:
> 
> On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> > Package: keepalived
> > Version: 1.1.12-1
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > keepalive writes a public writeable pid file to /var/run
> >
> > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
> >
> > Cheers,
> > Martin
> >
> >
> > reference:
> > http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@...il.com
> 
> Thanks,
> --
> Yves-Alexis
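
A shell check for the condition reported in this thread, pid files that users other than the owner can write, given here as an added example that is not part of the thread or of keepalived. The function name `audit_pidfiles` and its `fix` argument are assumptions of this example, and it also flags group-writable files, which goes slightly beyond the report.

```shell
#!/bin/sh
# Added example (not from the thread): audit a runtime directory for pid files
# that non-owners can write, the condition reported for keepalived.pid above.
# audit_pidfiles is a hypothetical helper name.
#
# usage: audit_pidfiles [DIR] [fix]
#   prints "<class> <path>" per finding; with "fix", also runs chmod go-w.
audit_pidfiles() {
    dir=${1:-/var/run}
    action=${2:-report}
    # -perm -0002: "other" write bit set (e.g. 666, the mode in the report)
    # -perm -0020 without -0002: only the group write bit set (e.g. 664)
    # -type f skips symlinks, so nothing outside DIR is reported or changed.
    {
        find "$dir" -type f -name '*.pid' -perm -0002 -print |
            sed 's/^/world-writable /'
        find "$dir" -type f -name '*.pid' -perm -0020 ! -perm -0002 -print |
            sed 's/^/group-writable /'
    } | sort
    if [ "$action" = fix ]; then
        # Remove group/other write; owner bits are left unchanged.
        find "$dir" -type f -name '*.pid' \( -perm -0002 -o -perm -0020 \) \
            -exec chmod go-w {} +
    fi
    return 0
}
# Example call: audit_pidfiles /var/run
```

The `fix` mode only corrects files that already exist; a daemon that creates its pid file with mode 666 will recreate it that way on the next start.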
