CVE-2011-1548

2011-03-3022:55:02

Debian Security Bug Tracker

security-tracker.debian.org

0.0004 Low

EPSS

Percentile

9.8%

JSON

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate’s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

OSVersionArchitecturePackageVersionFilename
Debian12alllogrotate< 3.7.8-6logrotate_3.7.8-6_all.deb
Debian11alllogrotate< 3.7.8-6logrotate_3.7.8-6_all.deb
Debian10alllogrotate< 3.7.8-6logrotate_3.7.8-6_all.deb
Debian999alllogrotate< 3.7.8-6logrotate_3.7.8-6_all.deb
Debian13alllogrotate< 3.7.8-6logrotate_3.7.8-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	logrotate	< 3.7.8-6	logrotate_3.7.8-6_all.deb
Debian	11	all	logrotate	< 3.7.8-6	logrotate_3.7.8-6_all.deb
Debian	10	all	logrotate	< 3.7.8-6	logrotate_3.7.8-6_all.deb
Debian	999	all	logrotate	< 3.7.8-6	logrotate_3.7.8-6_all.deb
Debian	13	all	logrotate	< 3.7.8-6	logrotate_3.7.8-6_all.deb

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for DEBIANCVE:CVE-2011-1548