CVE-2011-1550

2022-10-0316:15:09

Debian Security Bug Tracker

security-tracker.debian.org

logrotate configuration

symlink attacks

hard link attacks

non-root write access

cobbler

inn

safte-monitor

uucp

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

10.2%

JSON

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate’s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

OSVersionArchitecturePackageVersionFilename
Debian12alllogrotate< 3.21.0-1logrotate_3.21.0-1_all.deb
Debian11alllogrotate< 3.18.0-2+deb11u2logrotate_3.18.0-2+deb11u2_all.deb
Debian10alllogrotate< 3.14.0-4logrotate_3.14.0-4_all.deb
Debian999alllogrotate< 3.21.0-2logrotate_3.21.0-2_all.deb
Debian13alllogrotate< 3.21.0-2logrotate_3.21.0-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	logrotate	< 3.21.0-1	logrotate_3.21.0-1_all.deb
Debian	11	all	logrotate	< 3.18.0-2+deb11u2	logrotate_3.18.0-2+deb11u2_all.deb
Debian	10	all	logrotate	< 3.14.0-4	logrotate_3.14.0-4_all.deb
Debian	999	all	logrotate	< 3.21.0-2	logrotate_3.21.0-2_all.deb
Debian	13	all	logrotate	< 3.21.0-2	logrotate_3.21.0-2_all.deb