Package: mailman
Version: 1:2.1.18-2
Severity: critical
Tags: security
Justification: root security hole
The log files of mailman, residing in /var/lib/mailman/log and in
/var/log/mailman, and the log directory itself are created
world-readable by default. This discloses sensitive information
severity 803161 normal
thanks
* Dominik George:
> Severity: critical
> Tags: security
> Justification: root security hole
>
> The log files of mailman, residing in /var/lib/mailman/log and in
> /var/log/mailman, and the log directory itself are created
> world-readable by default. This discloses
On Tue, 27 Oct 2015, Dominik George wrote:
> >This issue can be considered a security vulnerability, but it is
> >certainly not a rot security hole, hence lowering the severity.
> root (or another privileged system account), or *data normally
> accessible only by such accounts*“
By default, the
Hi,
>This issue can be considered a security vulnerability, but it is
>certainly not a rot security hole, hence lowering the severity.
I actually think reportbug is very clear in that regard:
„introduces a security hole allowing access to
root (or another privileged system account), or *data
4 matches
Mail list logo