Vulnerabilites related to gentoo - logrotate
CVE-2011-1155 (GCVE-0-2011-1155)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1155",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1549 (GCVE-0-2011-1549)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1549",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1098 (GCVE-0-2011-1098)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1098",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1154 (GCVE-0-2011-1154)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1154",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1548 (GCVE-0-2011-1548)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1548",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1550 (GCVE-0-2011-1550)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-09-16 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-30T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1550",
"datePublished": "2011-03-30T22:00:00Z",
"dateReserved": "2011-03-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:56.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/16 | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/14/26 | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| secalert@redhat.com | http://secunia.com/advisories/43955 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0872 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0961 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=680797 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43955 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0961 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=680797 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
},
{
"lang": "es",
"value": "La funci\u00f3n writeState en logrotate.c en Logrotate v3.7.9 y anteriores podr\u00eda permitir a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (\u0027rotation outage\u0027) a trav\u00e9s de (1) \\n (nueva l\u00ednea) o (2) caracter \\ (backslash) en ficheros de traza, como se demuestra en un archivo que es construido autom\u00e1ticamente en la base del nombre de host o nombre de m\u00e1quina virtual."
}
],
"id": "CVE-2011-1155",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.440",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/47167 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47167 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CD4-008C-4452-843C-EB5DB15FA7A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en logrotate en Debien GNU/Linux usa privilegios de administrador para procesar archivos en directorios que permite acceso de escritura a no-administradores, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate para directorios no confiables, como fue desmotrado por /var/log/postgresql/."
}
],
"id": "CVE-2011-1548",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.533",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47167"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| novell | opensuse_factory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:opensuse_factory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882DC849-895C-4BD7-91AA-A8F38F418300",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar ficheros en directorios que permite a un no-adminitrador acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate para directorios no confiables, como se demostr\u00f3 en directorios para el (1) cobbler, (2) inn, (3) safte-monitor, y (4) paquetes uccp."
}
],
"id": "CVE-2011-1550",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.707",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/16 | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/11 | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| secalert@redhat.com | http://secunia.com/advisories/43955 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0872 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0961 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=680798 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43955 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0961 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=680798 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la funci\u00f3n createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos."
}
],
"id": "CVE-2011-1098",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.253",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/47170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47170 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en logrotate en Gentoo Linux utiliza privilegios de administrador para procear archivos en directorios que permite a no-administradores acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate en directorios no confiables, como fue demostrado en directorios bajo /var/log/ para paquetes."
}
],
"id": "CVE-2011-1549",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/11 | Patch | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| secalert@redhat.com | http://secunia.com/advisories/43955 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0872 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0961 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=680796 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/24 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/27 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/28 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/32 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/04/33 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/05/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/06/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/11 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/07/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/08/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/11/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/14/26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/23/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43955 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0407.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0791 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0961 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=680796 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
},
{
"lang": "es",
"value": "La funci\u00f3n shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos v\u00eda metacaracteres de la shell en un fichero de registro, como lo demuestra un nombre de archivo que es contruido de forma autom\u00e1tica sobre la base de un nombre de host o m\u00e1quina virtual."
}
],
"id": "CVE-2011-1154",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}