CVE-2011-1549

2011-03-30T22:55:00
ID CVE-2011-1549
Type cve
Reporter cve@mitre.org
Modified 2011-04-21T02:33:00

Description

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.