Joined: 12 May 2004
|Posted: Sun Jan 16, 2011 1:26 pm Post subject: [ GLSA 201101-07 ] Prewikka: password disclosure
|Gentoo Linux Security Advisory
Title: Prewikka: password disclosure (GLSA 201101-07)
Date: January 16, 2011
Due to a world-readable file, a local attacker can obtain the SQL database
password used by Prewikka.
Prewikka is a graphical front-end analysis console for the Prelude
Hybrid IDS Framework.
Vulnerable: < 0.9.14-r2
Unaffected: >= 0.9.14-r2
Architectures: All supported architectures
The permissions of the prewikka.conf file are set world readable.
A local attacker could obtain the SQL database password used by
There is no known workaround at this time.
All Prewikka users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/prewikka-0.9.14-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 18, 2009 . It is likely that your system is already
no longer affected by this issue.