github - ghsa-8wrv-rwr6-8qj6

GHSA-8WRV-RWR6-8QJ6

Vulnerability from github – Published: 2022-05-17 05:42 – Updated: 2022-05-17 05:42

Details

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1550"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-03-30T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.",
  "id": "GHSA-8wrv-rwr6-8qj6",
  "modified": "2022-05-17T05:42:20Z",
  "published": "2022-05-17T05:42:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1550"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/16"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/17"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/18"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/19"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/22"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/24"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/25"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/26"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/27"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/28"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/29"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/30"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/31"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/32"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/04/33"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/05/4"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/05/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/05/8"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/06/3"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/06/4"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/06/5"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/06/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/11"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/5"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/5"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/10/2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/10/3"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/10/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/10/7"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/11/3"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/11/5"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/14/26"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/23/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2011-1550 (GCVE-0-2011-1550)

Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-09-16 20:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://openwall.com/lists/oss-security/2011/03/04/19	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/16	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/25	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/30	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/26	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/10/3	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/28	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/08/5	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/07/5	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/31	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/17	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/10/6	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/06/3	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/29	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/07/6	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/05/6	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/05/4	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/07/11	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/23/11	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/06/5	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/18	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/10/2	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/11/3	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/10/7	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/05/8	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/22	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/11/5	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/27	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/32	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/14/26	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/24	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/06/4	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/06/6	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/04/33	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/19"
          },
          {
            "name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/16"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/25"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/30"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/26"
          },
          {
            "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/10/3"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/28"
          },
          {
            "name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/5"
          },
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/5"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/31"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/17"
          },
          {
            "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/10/6"
          },
          {
            "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/06/3"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/29"
          },
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/6"
          },
          {
            "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/05/6"
          },
          {
            "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/05/4"
          },
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/11"
          },
          {
            "name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/23/11"
          },
          {
            "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/06/5"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/18"
          },
          {
            "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/10/2"
          },
          {
            "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/11/3"
          },
          {
            "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/10/7"
          },
          {
            "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/05/8"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/22"
          },
          {
            "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/11/5"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/27"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/32"
          },
          {
            "name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/14/26"
          },
          {
            "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/24"
          },
          {
            "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/06/4"
          },
          {
            "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/06/6"
          },
          {
            "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/04/33"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-03-30T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/19"
        },
        {
          "name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/16"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/25"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/30"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/26"
        },
        {
          "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/10/3"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/28"
        },
        {
          "name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/5"
        },
        {
          "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/5"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/31"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/17"
        },
        {
          "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/10/6"
        },
        {
          "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/06/3"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/29"
        },
        {
          "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/6"
        },
        {
          "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/05/6"
        },
        {
          "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/05/4"
        },
        {
          "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/11"
        },
        {
          "name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/23/11"
        },
        {
          "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/06/5"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/18"
        },
        {
          "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/10/2"
        },
        {
          "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/11/3"
        },
        {
          "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/10/7"
        },
        {
          "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/05/8"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/22"
        },
        {
          "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/11/5"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/27"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/32"
        },
        {
          "name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/14/26"
        },
        {
          "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/24"
        },
        {
          "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/06/4"
        },
        {
          "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/06/6"
        },
        {
          "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/04/33"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate\u0027s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/19"
            },
            {
              "name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/16"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/25"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/30"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/26"
            },
            {
              "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/10/3"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/28"
            },
            {
              "name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/5"
            },
            {
              "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/5"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/31"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/17"
            },
            {
              "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/10/6"
            },
            {
              "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/06/3"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/29"
            },
            {
              "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/6"
            },
            {
              "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/05/6"
            },
            {
              "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/05/4"
            },
            {
              "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/11"
            },
            {
              "name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/23/11"
            },
            {
              "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/06/5"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/18"
            },
            {
              "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/10/2"
            },
            {
              "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/11/3"
            },
            {
              "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/10/7"
            },
            {
              "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/05/8"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/22"
            },
            {
              "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/11/5"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/27"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/32"
            },
            {
              "name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/14/26"
            },
            {
              "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/24"
            },
            {
              "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/06/4"
            },
            {
              "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/06/6"
            },
            {
              "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/04/33"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1550",
    "datePublished": "2011-03-30T22:00:00Z",
    "dateReserved": "2011-03-30T00:00:00Z",
    "dateUpdated": "2024-09-16T20:37:56.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-8WRV-RWR6-8QJ6

CVE-2011-1550 (GCVE-0-2011-1550)

Tags

Sightings

Nomenclature