Red Hat Security Advisory 2013-1603-02 - Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.
390b92c4abaa15b7e89a39f5215aff24625e8e3e48eef514bab0df512a2a6246