apache-doc: Incorrect Permissions

To: security@debian.org, debian-apache@lists.debian.org
Subject: apache-doc: Incorrect Permissions
From: Elliott Mitchell <ehem@m5p.com>
Date: Sun, 11 Jul 2004 21:33:17 -0700 (PDT)
Message-id: <[🔎] 200407120433.i6C4XHqi095293@m5p.com>

First reported as bug #180780. This is actually a security issue, though
not a huge one. As the UID/GID are fairly low even a smallish system
could allocate them and result in files on /usr that are writable to a
user. This is being propogated through the security updates and is
present in 1.3.26-0woody5.

At a minimum this needs to be fixed in future security releases, but I'm
unsure whether this rates one on its own.


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \   (    |         EHeM@gremlin.m5p.com PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/

Reply to:

Prev by Date: Bug#258772: apache2-mpm-prefork: wrong path of suEXEC binary
Next by Date: questions for the Apache Software Foundation [was: Apple's APSL 2.0 " Debian Free Software Guidelines"-compliant?]
Previous by thread: Bug#258772: marked as done (apache2-mpm-prefork: wrong path of suEXEC binary)
Next by thread: questions for the Apache Software Foundation [was: Apple's APSL 2.0 " Debian Free Software Guidelines"-compliant?]
Index(es):
- Date
- Thread