First published: Fri Jul 26 2013(Updated: )
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Scientificlinux Luci | =0.26.0 | |
Redhat Enterprise Linux | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.