Create an account

Subscribe to LWN

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Weekly edition	Kernel	Security	Distributions	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ

liferea: weak permissions

Package(s):

liferea

CVE #(s):

CVE-2007-5751

Created:

November 2, 2007

Updated:

April 23, 2008

Description:

Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.

Alerts:

Fedora	FEDORA-2008-3249	2008-04-22
Fedora	FEDORA-2008-3283	2008-04-22
Fedora	FEDORA-2008-2682	2008-03-26
Fedora	FEDORA-2008-2662	2008-03-26
Fedora	FEDORA-2008-1535	2008-02-13
Fedora	FEDORA-2008-1435	2008-02-13
Fedora	FEDORA-2007-3701	2007-11-29
Fedora	FEDORA-2007-3733	2007-11-29
Fedora	FEDORA-2007-2853	2007-11-06
Fedora	FEDORA-2007-2725	2007-11-01

(Log in to post comments)

liferea: weak permissions

Posted Nov 10, 2007 21:29 UTC (Sat) by kreutzm (subscriber, #4700) [Link]

Debian Sarge and Etch are not vulnerable.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds