Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10748

HistoryJan 15, 2019 - 8:51 a.m.

Information Disclosure

2019-01-1508:51:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

0.0004 Low

EPSS

Percentile

5.1%

luci is vulnerable to information disclosure attacks. The vulnerability exists through a Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as “authentication secrets”.

CPENameOperatorVersion
lucieq0.26.0__37.el6
lucieq0.23.0__13.el6
lucieq0.26.0__13.el6
lucieq0.22.2__14.el6_0.1
lucieq0.23.0__32.el6
lucieq0.22.2__14.el6

References

rhn.redhat.com/errata/RHSA-2013-1603.html

access.redhat.com/security/updates/classification/#moderate

access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603

bugzilla.redhat.com/show_bug.cgi?id=1001835

bugzilla.redhat.com/show_bug.cgi?id=1001836

bugzilla.redhat.com/show_bug.cgi?id=878149

bugzilla.redhat.com/show_bug.cgi?id=880363

bugzilla.redhat.com/show_bug.cgi?id=883008

bugzilla.redhat.com/show_bug.cgi?id=886517

bugzilla.redhat.com/show_bug.cgi?id=886576

bugzilla.redhat.com/show_bug.cgi?id=917747

bugzilla.redhat.com/show_bug.cgi?id=988998

rhn.redhat.com/errata/RHSA-2013-1603.html

0.0004 Low

EPSS

Percentile

5.1%

Related for VERACODE:10748

cve1 prion1 cvelist1 nvd1 redhat1 nessus3 centos1 veracode1