Agostino Sarubbo reported on the oss-security mailing list [1] that, on Gentoo, thttpd log file is world-readable. This could allow an unprivileged user to read the log file. References: [1] http://www.openwall.com/lists/oss-security/2013/02/22/18 [2] https://bugs.gentoo.org/show_bug.cgi?id=458896 [3] http://www.openwall.com/lists/oss-security/2013/02/23/7 Relevant (sthttpd) upstream patch: [4] http://opensource.dyc.edu/gitweb/?p=sthttpd.git;a=commit;h=d2e186dbd58d274a0dea9b59357edc8498b5388d
This issue affects the versions of the thttpd package, as shipped with Fedora release of 17, 18, Fedora EPEL-5, and Fedora EPEL-6. Please schedule an update.
Created thttpd tracking bugs for this issue Affects: fedora-all [bug 924858] Affects: epel-all [bug 924859]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.