GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Jan 16, 2011 1:26 pm Post subject: [ GLSA 201101-07 ] Prewikka: password disclosure
Gentoo Linux Security Advisory
Title: Prewikka: password disclosure (GLSA 201101-07)
Severity: normal
Exploitable: local
Date: January 16, 2011
Bug(s): #270056
ID: 201101-07
Synopsis
Due to a world-readable file, a local attacker can obtain the SQL database
password used by Prewikka.
Background
Prewikka is a graphical front-end analysis console for the Prelude
Hybrid IDS Framework.
Affected Packages
Package: net-analyzer/prewikka
Vulnerable: < 0.9.14-r2
Unaffected: >= 0.9.14-r2
Architectures: All supported architectures
Description
The permissions of the prewikka.conf file are set world readable.
Impact
A local attacker could obtain the SQL database password used by
Prewikka.
Workaround
There is no known workaround at this time.
Resolution
All Prewikka users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/prewikka-0.9.14-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been
available since May 18, 2009. It is likely that your system is already
no longer affected by this issue.
References
CVE-2010-2058
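Added example (not part of the advisory, and not Gentoo or Prewikka code): a POSIX shell check for the condition named in the Description, a configuration file whose "other" read bit is set. The function names are hypothetical, and the file path is passed as an argument because the advisory does not say where prewikka.conf is installed.

```shell
#!/bin/sh
# Added example: report whether a configuration file is readable by "other".
# Function names are hypothetical; the path to check is supplied by the caller.

# world_readable FILE
# status 0: "other" read bit is set, 1: not set, 2: FILE is not a regular file
world_readable() {
    wr_file=$1
    [ -f "$wr_file" ] || return 2
    # -L follows a symlink so the mode of the real file is tested.
    # -perm -004 matches when the "other" read bit is set, whatever else is set.
    if [ -n "$(find -L "$wr_file" -prune -type f -perm -004 2>/dev/null)" ]; then
        return 0
    fi
    return 1
}

# audit_conf FILE
# Prints a one-line verdict; status 0 = not exposed, 1 = exposed, 2 = missing.
audit_conf() {
    ac_status=0
    world_readable "$1" || ac_status=$?
    case $ac_status in
        0)  ac_mode=$(ls -lnL "$1" | cut -d' ' -f1)
            echo "EXPOSED $1 mode=$ac_mode (readable by any local user)"
            return 1 ;;
        1)  echo "OK      $1 (no read access for other)"
            return 0 ;;
        *)  echo "MISSING $1 (not a regular file)"
            return 2 ;;
    esac
}

# Demonstration on a constructed temporary file, not the real prewikka.conf.
demo_file=$(mktemp)
chmod 644 "$demo_file"; audit_conf "$demo_file" || true   # reported as EXPOSED
chmod 640 "$demo_file"; audit_conf "$demo_file" || true   # reported as OK
rm -f "$demo_file"
```

On a real system, call audit_conf with the installed location of prewikka.conf.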