luci is vulnerable to information disclosure. A race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting them, which allows local users to read the file and obtain sensitive information such as “authentication secrets”.
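The create-then-restrict ordering described above, next to a form that creates the file with its final mode in one step, as an added Python example (not luci's own code). The 0022 umask, the 0600 final mode, the file contents and the temporary stand-in path are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile


def create_then_restrict(path, data, observe):
    """Create the file first, tighten permissions afterwards (the racy order)."""
    old_umask = os.umask(0o022)            # assumed service umask
    try:
        with open(path, "w") as fh:        # created as 0666 & ~umask = 0644
            fh.write(data)
            fh.flush()
            observe(path)                  # state visible to other local users
        os.chmod(path, 0o600)              # assumed final mode; arrives too late
    finally:
        os.umask(old_umask)


def create_restricted(path, data, observe):
    """Create the file with its final mode in the same open() call."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)       # umask can only remove bits from 0600
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
        fh.flush()
        observe(path)


def window_mode(writer):
    """Return (mode seen while the secret is on disk, final mode)."""
    seen = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "luci.ini")   # stand-in path, not the real file
        writer(path, "secret = constructed-sample-value\n",
               lambda p: seen.append(stat.S_IMODE(os.stat(p).st_mode)))
        final = stat.S_IMODE(os.stat(path).st_mode)
    return seen[0], final


def world_readable(mode):
    return bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    for writer in (create_then_restrict, create_restricted):
        during, final = window_mode(writer)
        print(f"{writer.__name__}: during={during:04o} final={final:04o} "
              f"world-readable in window={world_readable(during)}")
```

Both writers end at the same final mode, so auditing the file after the fact cannot distinguish them; only the mode at creation time differs.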
CPE Name | Operator | Version |
---|---|---|
luci | eq | 0.26.0__37.el6 |
luci | eq | 0.23.0__13.el6 |
luci | eq | 0.26.0__13.el6 |
luci | eq | 0.22.2__14.el6_0.1 |
luci | eq | 0.23.0__32.el6 |
luci | eq | 0.22.2__14.el6 |
rhn.redhat.com/errata/RHSA-2013-1603.html
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603
bugzilla.redhat.com/show_bug.cgi?id=1001835
bugzilla.redhat.com/show_bug.cgi?id=1001836
bugzilla.redhat.com/show_bug.cgi?id=878149
bugzilla.redhat.com/show_bug.cgi?id=880363
bugzilla.redhat.com/show_bug.cgi?id=883008
bugzilla.redhat.com/show_bug.cgi?id=886517
bugzilla.redhat.com/show_bug.cgi?id=886576
bugzilla.redhat.com/show_bug.cgi?id=917747
bugzilla.redhat.com/show_bug.cgi?id=988998