Please use CVE-2011-1784 for this.

Thanks.

-- 
    JB

----- Original Message -----
> Hey,
> 
> it was reported that keepalived (and some other daemons) store their
> pid
> file with permission 666. A bug was opened for keepalived in Debian,
> could a CVE be assigned to the issue?
> 
> Bug text was:
> 
> On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> > Package: keepalived
> > Version: 1.1.12-1
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > keepalive writes a public writeable pid file to /var/run
> >
> > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
> >
> > Cheers,
> > Martin
> >
> >
> > reference:
> > http://lists.debian.org/[email protected]
> 
> Thanks,
> --
> Yves-Alexis



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to