Search criteria
18 vulnerabilities found for logrotate by gentoo
FKIE_CVE-2011-1098
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la funci\u00f3n createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos."
}
],
"id": "CVE-2011-1098",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.253",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1155
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
},
{
"lang": "es",
"value": "La funci\u00f3n writeState en logrotate.c en Logrotate v3.7.9 y anteriores podr\u00eda permitir a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (\u0027rotation outage\u0027) a trav\u00e9s de (1) \\n (nueva l\u00ednea) o (2) caracter \\ (backslash) en ficheros de traza, como se demuestra en un archivo que es construido autom\u00e1ticamente en la base del nombre de host o nombre de m\u00e1quina virtual."
}
],
"id": "CVE-2011-1155",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.440",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1154
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| gentoo | logrotate | 3.3 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.5.9 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.6.5 | |
| gentoo | logrotate | 3.7 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.1 | |
| gentoo | logrotate | 3.7.2 | |
| gentoo | logrotate | 3.7.6 | |
| gentoo | logrotate | 3.7.7 | |
| gentoo | logrotate | 3.7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
},
{
"lang": "es",
"value": "La funci\u00f3n shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos v\u00eda metacaracteres de la shell en un fichero de registro, como lo demuestra un nombre de archivo que es contruido de forma autom\u00e1tica sobre la base de un nombre de host o m\u00e1quina virtual."
}
],
"id": "CVE-2011-1154",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1548
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CD4-008C-4452-843C-EB5DB15FA7A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en logrotate en Debien GNU/Linux usa privilegios de administrador para procesar archivos en directorios que permite acceso de escritura a no-administradores, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate para directorios no confiables, como fue desmotrado por /var/log/postgresql/."
}
],
"id": "CVE-2011-1548",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.533",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47167"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1550
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | logrotate | * | |
| novell | opensuse_factory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:opensuse_factory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882DC849-895C-4BD7-91AA-A8F38F418300",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar ficheros en directorios que permite a un no-adminitrador acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate para directorios no confiables, como se demostr\u00f3 en directorios para el (1) cobbler, (2) inn, (3) safte-monitor, y (4) paquetes uccp."
}
],
"id": "CVE-2011-1550",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.707",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1549
Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en logrotate en Gentoo Linux utiliza privilegios de administrador para procear archivos en directorios que permite a no-administradores acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate en directorios no confiables, como fue demostrado en directorios bajo /var/log/ para paquetes."
}
],
"id": "CVE-2011-1549",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-30T22:55:02.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-1549 (GCVE-0-2011-1549)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:28
VLAI?
Summary
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1549",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1154 (GCVE-0-2011-1154)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1154",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1098 (GCVE-0-2011-1098)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1098",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1155 (GCVE-0-2011-1155)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1155",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1550 (GCVE-0-2011-1550)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-09-16 20:37
VLAI?
Summary
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-30T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1550",
"datePublished": "2011-03-30T22:00:00Z",
"dateReserved": "2011-03-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:56.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1548 (GCVE-0-2011-1548)
Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:28
VLAI?
Summary
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1548",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1549 (GCVE-0-2011-1549)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:28
VLAI?
Summary
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "47170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47170"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1549",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1154 (GCVE-0-2011-1154)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1154",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1098 (GCVE-0-2011-1098)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1098",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1155 (GCVE-0-2011-1155)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1155",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1550 (GCVE-0-2011-1550)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-09-16 20:37
VLAI?
Summary
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-30T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1550",
"datePublished": "2011-03-30T22:00:00Z",
"dateReserved": "2011-03-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:56.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1548 (GCVE-0-2011-1548)
Vulnerability from nvd – Published: 2011-03-30 22:00 – Updated: 2024-08-06 22:28
VLAI?
Summary
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-04-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "47167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47167"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1548",
"datePublished": "2011-03-30T22:00:00",
"dateReserved": "2011-03-30T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}