I just noticed my nginx logdir and its content are world-readable:
drwxr-xr-x 2 root root 4096 Jan 10 00:11 .
drwxr-xr-x 16 root root 4096 Feb 21 17:46 ..
-rw-r--r-- 1 root root 69415 Feb 21 17:46 error_log
-rw-r--r-- 1 root root 93017 Feb 18 22:03 localhost.access_log
-rw-r--r-- 1 root root 86227 Feb 18 22:03 localhost.error_log
Please use CVE-2013-0337 for nginx world-readable log files. Also
Fedora 16 (and I assume 17/18) are affected by this:
# ls -la /var/log/nginx/
total 8
drwxr-xr-x. 2 root root 4096 Feb 21 21:18 .
drwxr-xr-x. 28 root root 4096 Feb 21 21:17 ..
-rw-r--r--. 1 root root 0 Feb 21 21:18 access.log
-rw-r--r--. 1 root root 0 Feb 21 21:18 error.log
Sigh. I'm guessing a lot of other web servers are vulnerable by
default on Linux and BSD distros too. Anyone care to make such a list
and send it in?
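
The check behind the listings above can be scripted so the same test runs against any web server's log directory. This is an added example, not part of the original thread; the function names are hypothetical, and the only path taken from the thread is /var/log/nginx.

```shell
#!/bin/sh
# Added example: report log directories and files that "other" can read.
# Usage (path from the thread): sh audit_logs.sh /var/log/nginx

# Print every file or directory under $1 with the other-read bit set
# (modes such as 0644 or 0755). Prints nothing when none is found.
world_readable_logs() {
    dir=$1
    [ -d "$dir" ] || return 0
    # -perm -004 matches entries whose mode includes o+r.
    find "$dir" \( -type f -o -type d \) -perm -004 -print 2>/dev/null
}

# Print a verdict for $1; return 0 if clean, 1 if exposed, 2 if missing.
audit_log_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        printf 'MISSING %s\n' "$dir"
        return 2
    fi
    hits=$(world_readable_logs "$dir")
    if [ -n "$hits" ]; then
        printf 'EXPOSED %s\n' "$dir"
        # Show owner and mode for each finding, as ls -la does above.
        printf '%s\n' "$hits" | while IFS= read -r p; do
            ls -ld -- "$p"
        done
        return 1
    fi
    printf 'OK      %s\n' "$dir"
    return 0
}

# Audit each directory given on the command line.
for d in "$@"; do
    audit_log_dir "$d" || true
done
```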