Message-ID: <4FBD259E.9000809@redhat.com>
Date: Wed, 23 May 2012 11:59:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request(?): hostapd: improper file permissions
 of hostapd's config leaks credentials


On 05/23/2012 02:21 AM, Matthias Weckbecker wrote:
> Hi Kurt, Hi vendors,
> 
> not too critical in my opinion, but I think still worth to be at
> least mentioned briefly as other distros such as Fedora 16 were
> affected too:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=740964

Please use CVE-2012-2389 for this issue.

> I'm not sure whether this issue should get a CVE, but in the past
> similar vulnerabilities got a CVE (e.g. CVE-2012-0863).

Indeed they have; my all-time favourite example of this kind of flaw
is CVE-2002-0849 =).

> 
> Thanks, Matthias
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

