884854 – (CVE-2012-5628) CVE-2012-5628 gofer: /var/lib/gofer/journal/watchdog is world writable

Bug 884854 (CVE-2012-5628) - CVE-2012-5628 gofer: /var/lib/gofer/journal/watchdog is world writable

Summary: CVE-2012-5628 gofer: /var/lib/gofer/journal/watchdog is world writable

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2012-5628
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	877148
Blocks:	884979
TreeView+	depends on / blocked

Reported:	2012-12-06 21:01 UTC by Kurt Seifried
Modified:	2019-09-29 12:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-07-26 07:49:13 UTC
Embargoed:

Attachments	(Terms of Use)

Description Kurt Seifried 2012-12-06 21:01:50 UTC

In gofer 0.67 and earlier the /var/lib/gofer/journal/watchdog is world writable. 
This directory is used to hold watchdog objects which are used to track 
asynchronous messages by serial number. If journal entries are improperly removed 
a denial of service condition can occur. This has been modified in version 0.68.

Comment 1 Kurt Seifried 2013-07-26 07:41:35 UTC

The Red Hat Security Response Team has rated this issue as having low security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.

Note You need to log in before you can comment on or make changes to this bug.