Bug 1007895 – VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files

Bug 1007895 - (CVE-2016-2121) VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files

(CVE-2016-2121)
Summary:	VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/174309/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-11-01 14:09 UTC by Sebastian Krahmer
Modified:	2019-01-09 14:19 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2016-11-01 14:09:16 UTC

Not on a maintained distro, but keeping it here so its
not forgotten.



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1390588
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2121

Comment 1 Marcus Meissner 2016-11-07 16:47:51 UTC

(quote from rh bugzilla:

It was found that redis set weak permissions on certain files that could potentially contain sensitive information:

-rw-r--r--. 1 redis root 41599 Feb  8  2016 /etc/redis.conf
-rw-r--r--. 1 redis root  7355 Feb  8  2016 /etc/redis-sentinel.conf
drwxr-xr-x. 2 redis redis 4096 Sep  9 14:29 /var/lib/redis


)

Comment 2 Martin Pluskal 2019-01-09 13:44:57 UTC

Not on maintained distro - not my concern.

Comment 3 Andreas Stieger 2019-01-09 14:19:49 UTC

already fixed in current versions