Bug 1007895 (CVE-2016-2121)

Summary: VUL-1: CVE-2016-2121: redis: weak permissions on sensitive files
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: astieger, mpluskal, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/174309/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Krahmer 2016-11-01 14:09:16 UTC
Not on a maintained distro, but keeping it here so it's
not forgotten.



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1390588
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2121
Comment 1 Marcus Meissner 2016-11-07 16:47:51 UTC
(quote from rh bugzilla:

It was found that redis set weak permissions on certain files that could potentially contain sensitive information:

-rw-r--r--. 1 redis root 41599 Feb  8  2016 /etc/redis.conf
-rw-r--r--. 1 redis root  7355 Feb  8  2016 /etc/redis-sentinel.conf
drwxr-xr-x. 2 redis redis 4096 Sep  9 14:29 /var/lib/redis


)
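
An added example, not part of the bug report or of any redis package: a shell audit that reads the same `ls -l` mode strings as the listing in Comment 1 and flags any path that grants access to other users. The function names are hypothetical, and the default paths are the three from that listing.

```shell
#!/bin/sh
# Added example (not from the bug report): flag Redis files that grant any
# access to "other" users. Function names are hypothetical; default paths
# are the three from the listing in Comment 1.
REDIS_PATHS="/etc/redis.conf /etc/redis-sentinel.conf /var/lib/redis"

# other_bits MODE: print the "other" triplet (characters 8-10) of an
# ls -l mode string; a trailing "." or "+" marker is ignored.
other_bits() {
    printf '%s\n' "$1" | cut -c8-10
}

# mode_is_weak MODE: succeed if other users get read, write or
# execute/search. "--T" is the sticky bit alone and grants nothing.
mode_is_weak() {
    case $(other_bits "$1") in
        ---|--T) return 1 ;;
        *) return 0 ;;
    esac
}

# path_is_weak PATH: 0 = weak, 1 = tight, 2 = path does not exist.
path_is_weak() {
    [ -e "$1" ] || return 2
    mode=$(ls -ld -- "$1" | cut -d' ' -f1)
    mode_is_weak "$mode"
}

# audit_redis_perms [PATH...]: print one line per path and return the
# number of weak paths found (0 = clean).
audit_redis_perms() {
    [ $# -gt 0 ] || set -- $REDIS_PATHS
    weak=0
    for p in "$@"; do
        rc=0
        path_is_weak "$p" || rc=$?
        case $rc in
            0) echo "WEAK    $(ls -ld -- "$p")"; weak=$((weak + 1)) ;;
            1) echo "ok      $p" ;;
            *) echo "absent  $p" ;;
        esac
    done
    return "$weak"
}
```

Call `audit_redis_perms` with no arguments to check the default paths, or pass explicit paths for a non-standard install.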
Comment 2 Martin Pluskal 2019-01-09 13:44:57 UTC
Not on maintained distro - not my concern.
Comment 3 Andreas Stieger 2019-01-09 14:19:49 UTC
already fixed in current versions