Gentoo Foundation: GLSA-201101-07
Jan 16, 2011 - 12:00 a.m.

Prewikka: password disclosure

security.gentoo.org

CVSS2: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0
Percentile: 5.1%

Background

Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework.

Description

The permissions of the prewikka.conf file are set world readable.

Impact

A local attacker could obtain the SQL database password used by Prewikka.
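
The following audit check is an added example, not part of the original advisory or of Prewikka. It reports whether a credential-bearing configuration file is actually reachable by other local users, checking the file's "other" read bit and the search bit on every ancestor directory. It assumes GNU stat; the function names and the path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: audit a config file for the world-readable exposure
# described in this advisory. Assumes GNU stat. POSIX ACLs are not inspected.

# other_readable PATH -> exit 0 if the "other" read bit (o+r) is set.
other_readable() {
    mode=$(stat -L -c '%a' -- "$1" 2>/dev/null) || return 2
    case $mode in *[4567]) return 0 ;; *) return 1 ;; esac
}

# other_searchable DIR -> exit 0 if the "other" search bit (o+x) is set.
other_searchable() {
    mode=$(stat -L -c '%a' -- "$1" 2>/dev/null) || return 2
    case $mode in *[1357]) return 0 ;; *) return 1 ;; esac
}

# audit_conf FILE -> prints one of:
#   missing   file does not exist
#   ok        "other" read bit is clear
#   shielded  o+r is set, but an ancestor directory denies search to others
#   exposed   o+r is set and every ancestor directory is searchable by others
audit_conf() {
    [ -f "$1" ] || { echo missing; return 0; }
    other_readable "$1" || { echo ok; return 0; }
    # The read bit alone is not enough: other users can open the file only
    # if they can traverse every directory on the way to it.
    dir=$(cd "$(dirname -- "$1")" && pwd -P) || { echo missing; return 0; }
    while :; do
        other_searchable "$dir" || { echo shielded; return 0; }
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    echo exposed
}

# Usage (path is an assumption; use the location your package installs):
#   audit_conf /etc/prewikka/prewikka.conf
```

A result of "shielded" still deserves a fix, since the protection depends on a directory mode that can change independently of the file.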

Workaround

There is no known workaround at this time.

Resolution

All Prewikka users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/prewikka-0.9.14-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 18, 2009. It is likely that your system is already no longer affected by this issue.

OS      Version  Architecture  Package                Version      Filename
Gentoo  any      all           net-analyzer/prewikka  < 0.9.14-r2  UNKNOWN
