Message-ID: <51285803.3040403@redhat.com>
Date: Fri, 22 Feb 2013 22:47:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: Cve request: tomcat world-readable logdir

On 02/22/2013 05:59 AM, Agostino Sarubbo wrote:
> Hello,
>
> Tomcat 7 has a world-readable log/logdir:
>
> drwxr-xr-x 2 ago  ago  4096 Feb 22 13:50 .
> drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..
> -rw-r--r-- 1 ago  ago  5919 Feb 22 13:51 catalina.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 host-manager.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost_access_log.2013-02-22.txt
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 manager.2013-02-22.log
>
> I'd like to have confirmation of what the behavior is on the other
> distros, because it could be Gentoo-related.

Please use CVE-2013-0346 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
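
A check for the condition shown in the listing above, as an added example that is not part of the original message or of Tomcat. The function names are hypothetical, the log directory path is assumed to be passed as an argument, and the sample directory is constructed from the file names and modes in the listing.

```shell
#!/bin/sh
# Added example: find and fix log entries that users outside the owner
# and group can access. All function names here are hypothetical.

# Print the directory and every file under it that has any "other"
# permission bit (read, write or execute/search) set.
world_accessible() {
    find "$1" \( -type d -o -type f \) \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Number of offending entries, as a bare integer.
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Strip all "other" bits from the directory and the files in it.
restrict_logdir() {
    find "$1" \( -type d -o -type f \) -exec chmod o-rwx {} +
}

# Constructed sample: a temporary directory with mode 755 holding empty
# files with mode 644, named as in the listing. Prints the path.
make_sample_logdir() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    for f in catalina.2013-02-22.log host-manager.2013-02-22.log \
             localhost.2013-02-22.log localhost_access_log.2013-02-22.txt \
             manager.2013-02-22.log; do
        : > "$d/$f"
        chmod 644 "$d/$f"
    done
    printf '%s\n' "$d"
}

# Stand-alone use: pass a log directory to list its offending entries.
[ "$#" -eq 0 ] || world_accessible "$1"
```

Stripping the bits only fixes entries that already exist; files the service creates later follow its umask, so the process also needs a umask such as 027.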