Bug 1007895 - (CVE-2016-2121) VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files
(CVE-2016-2121)
VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/174309/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-01 14:09 UTC by Sebastian Krahmer
Modified: 2019-01-09 14:19 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-11-01 14:09:16 UTC
Not on a maintained distro, but keeping it here so its
not forgotten.



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1390588
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2121
Comment 1 Marcus Meissner 2016-11-07 16:47:51 UTC
(quote from rh bugzilla:

It was found that redis set weak permissions on certain files that could potentially contain sensitive information:

-rw-r--r--. 1 redis root 41599 Feb  8  2016 /etc/redis.conf
-rw-r--r--. 1 redis root  7355 Feb  8  2016 /etc/redis-sentinel.conf
drwxr-xr-x. 2 redis redis 4096 Sep  9 14:29 /var/lib/redis


)
Comment 2 Martin Pluskal 2019-01-09 13:44:57 UTC
Not on maintained distro - not my concern.
Comment 3 Andreas Stieger 2019-01-09 14:19:49 UTC
already fixed in current versions