NuytsTech Security

CVE-2013-4481

by ·

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

Date published : 2013-11-23

https://bugzilla.redhat.com/show_bug.cgi?id=988998

http://rhn.redhat.com/errata/RHSA-2013-1603.html

Tags: