Computer Security
[EN] securityvulns.ru no-pyccku


logrotate multiple security vulnerabilities
updated since 06.04.2011
Published:26.07.2011
Source:
SecurityVulns ID:11566
Type:local
Threat Level:
5/10
Description:Race conditions, unfiltered shell characters vulnerability, DoS.
Affected:LOGROTATE : logrotate 3.7
CVE:CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.)
 CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.)
 CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.)
 CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.)
Original documentdocumentUBUNTU, [USN-1172-1] logrotate vulnerabilities (26.07.2011)
 documentMANDRIVA, [ MDVSA-2011:065 ] logrotate (06.04.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod