Message-Id: <818FF3C1-7291-4AEB-B5F6-13D73B3C8E15@corman.io>
Date: Mon, 7 Apr 2014 23:05:42 -0400
From: Ben Corman <ben@...man.io>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Icecast world readable log/logdir

This seems to be the behavior on Ubuntu 12.04 as well.

$ ls -al /var/log/icecast2/
total 1044
drwxr-xr-x  2 icecast2 icecast   4096 Apr  6 06:53 .
drwxr-xr-x 12 root     root      4096 Apr  7 06:30 ..
-rw-r--r--  1 icecast2 icecast 135830 Apr  7 22:59 access.log
-rw-r--r--  1 icecast2 icecast 339901 Apr  7 22:59 error.log

On Apr 6, 2014, at 1:32 PM, Agostino Sarubbo <ago@...too.org> wrote:

> I just noticed that (at least on gentoo), the following package produces a 
> world readable log:
> 
> Icecast (http://www.icecast.org):
> # ls -la /var/log/icecast 
> total 18648
> drwxrw-r--  2 icecast nogroup     4096 Apr  6 12:23 .
> drwxr-xr-x 15 root    root        4096 Apr  5 04:20 ..
> -rw-r--r--  1 icecast nogroup  5646894 Apr  6 19:27 access.log
> -rw-r--r--  1 icecast nogroup  3181987 Apr  6 19:27 error.log
> -- 
> Agostino Sarubbo
> Gentoo Linux Developer
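
An added example (not part of the original messages, Icecast, or any distribution's packaging): a shell audit that reports what users outside the owner and group can do with a log directory, checking the read bit on each file together with the read and search bits on the directory. It assumes GNU `stat`; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what users outside the owner and group can do
# with a log directory, using mode bits only (GNU stat assumed).

# Last octal digit of the mode = permissions for "other".
other_digit() {
    m=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "${m#"${m%?}"}"
}

# has_bit DIGIT BIT -> true when BIT (4=r, 2=w, 1=x) is set in DIGIT
has_bit() { [ $(( $1 & $2 )) -ne 0 ]; }

# audit_logdir DIR: one finding per line.
#   LISTABLE  - others can read the directory's file names (o+r on DIR)
#   OPENABLE  - others can open the file (o+r on file AND o+x on DIR)
#   MODE-ONLY - file has o+r but DIR lacks o+x, so this path is unreachable
audit_logdir() {
    dir=$1
    d=$(other_digit "$dir") || return 1
    if has_bit "$d" 4; then echo "LISTABLE $dir"; fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fd=$(other_digit "$f") || continue
        has_bit "$fd" 4 || continue
        if has_bit "$d" 1; then echo "OPENABLE $f"; else echo "MODE-ONLY $f"; fi
    done
}

# harden_logdir DIR: drop all "other" permissions (one possible local fix,
# an assumption of this example rather than a packaged default).
harden_logdir() { chmod -R o-rwx "$1"; }

# Constructed demo tree using the two directory modes shown in the listings.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/a" "$t/b"
    : > "$t/a/access.log"; : > "$t/b/access.log"
    chmod 644 "$t/a/access.log" "$t/b/access.log"
    chmod 755 "$t/a"; chmod 764 "$t/b"
    audit_logdir "$t/a"; audit_logdir "$t/b"
    harden_logdir "$t/a"; audit_logdir "$t/a"
    rm -rf "$t"
}
demo
```

Log rotation can recreate files with the old mode, so the rotation configuration's create mode needs the same restriction for the fix to persist.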
