Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scientificlinux luci 0.26.0 |
||
redhat enterprise linux 6.0 |