Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201206-36
HistoryJun 25, 2012 - 12:00 a.m.

logrotate: Multiple vulnerabilities

2012-06-2500:00:00
Gentoo Foundation
security.gentoo.org
14

0.001 Low

EPSS

Percentile

40.5%

JSON

Background

logrotate rotates, compresses, and mails system logs.

Description

Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could use this flaw to truncate arbitrary system file, to change file owner or mode on arbitrary system files, to conduct symlink attacks and send arbitrary system files, to execute arbitrary system commands, to cause abort in subsequent logrotate runs, to disclose sensitive information, to execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All logrotate users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/logrotate-3.8.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-admin/logrotate< 3.8.0UNKNOWN

Related

nessus 18
openvas 11
fedora 2
seebug 1
securityvulns 3
oraclelinux 1
redhat 1
ubuntu 1
f5 6
cve 4
prion 4
ubuntucve 5
cvelist 4
debiancve 4
nessus
nessus
GLSA-201206-36 : logrotate: Multiple vulnerabilities
2012-06-26 00:00:00
SuSE 11.1 Security Update : logrotate (SAT Patch Number 4583)
2011-05-26 00:00:00
Scientific Linux Security Update : logrotate on SL6.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201206-36 (logrotate)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-36 (logrotate)
2012-08-10 00:00:00
Fedora Update for logrotate FEDORA-2011-3739
2011-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: logrotate-3.7.9-2.fc14
2011-04-11 20:59:43
[SECURITY] Fedora 15 Update: logrotate-3.7.9-8.fc15
2011-03-29 04:00:10
seebug
seebug
Red Hat Enterprise Linux logrotate任意执行命令及信息泄露漏洞
2011-04-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:065 ] logrotate
2011-04-06 00:00:00
[USN-1172-1] logrotate vulnerabilities
2011-07-26 00:00:00
logrotate multiple security vulnerabilities
2011-07-26 00:00:00
oraclelinux
oraclelinux
logrotate security update
2011-03-31 00:00:00
redhat
redhat
(RHSA-2011:0407) Moderate: logrotate security update
2011-03-31 00:00:00
ubuntu
ubuntu
logrotate vulnerabilities
2011-07-21 00:00:00
f5
f5
SOL16871 - logrotate vulnerability CVE-2011-1155
2015-07-08 00:00:00
K16871 : logrotate vulnerability CVE-2011-1155
2015-09-16 00:00:00
K16870 : logrotate vulnerability CVE-2011-1154
2015-09-17 00:00:00
cve
cve
CVE-2011-1154
2011-03-30 22:55:00
CVE-2011-1155
2011-03-30 22:55:00
CVE-2011-1098
2011-03-30 22:55:00
prion
prion
Design/Logic Flaw
2011-03-30 22:55:00
Race condition
2011-03-30 22:55:00
Design/Logic Flaw
2011-03-30 22:55:00
ubuntucve
ubuntucve
CVE-2011-1155
2011-03-30 00:00:00
CVE-2011-1098
2011-03-30 00:00:00
CVE-2011-1154
2011-03-30 00:00:00
cvelist
cvelist
CVE-2011-1155
2011-03-30 22:00:00
CVE-2011-1154
2011-03-30 22:00:00
CVE-2011-1098
2011-03-30 22:00:00
debiancve
debiancve
CVE-2011-1154
2011-03-30 22:55:00
CVE-2011-1098
2011-03-30 22:55:00
CVE-2011-1155
2011-03-30 22:55:00

0.001 Low

EPSS

Percentile

40.5%

JSON
Related for GLSA-201206-36
nessus18openvas11fedora2seebug1securityvulns3oraclelinux1redhat1ubuntu1f56cve4prion4ubuntucve5cvelist4debiancve4