MiracleLinux 4 : logwatch-7.3.6-49.AXS4 (AXSA:2011-84:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-84:01 advisory. Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wi...

openSUSE Security Update : logwatch (openSUSE-SU-2011:0242-1)

The update of logwatch improves the input validation. Before it was possible by an attacker to use special characters in a log-file to execute arbitrary commands. CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

Oracle Linux 6 : logwatch (ELSA-2011-0324)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-0324 advisory. 7.3.6-49 - Added fix for CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Resolves: 680304 Tenable has...

Scientific Linux Security Update : logwatch on SL5.x, SL6.x i386/x86_64

A flaw was found in the way Logwatch processed log files. If an attacker were able to create a log file with a malicious file name, it could result in arbitrary code execution with the privileges of the root user when that log file is analyzed by Logwatch. CVE-2011-1018 %NASLMINLEVEL 70300 C...

Gentoo Security Advisory GLSA 201203-20 (Logwatch)

The remote host is missing updates announced in advisory GLSA 201203-20. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CentOS Update for logwatch CESA-2011:0324 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

openSUSE Security Update : logwatch (openSUSE-SU-2011:0242-1)

The update of logwatch improves the input validation. Before it was possible by an attacker to use special characters in a log-file to execute arbitrary commands. CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

CentOS 5 : logwatch (CESA-2011:0324)

An updated logwatch package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SuSE 11.1 Security Update : logwatch (SAT Patch Number 4236)

Shell meta characters in log file names could lead to execution of arbitrary code. CVE-2011-1018 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...

Fedora Update for logwatch FEDORA-2011-2318

Check for the Version of logwatch OpenVAS Vulnerability Test Fedora Update for logwatch FEDORA-2011-2318 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for logwatch FEDORA-2011-2328

Check for the Version of logwatch OpenVAS Vulnerability Test Fedora Update for logwatch FEDORA-2011-2328 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for logwatch FEDORA-2011-2328

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for logwatch FEDORA-2011-2318

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 15 : logwatch-7.3.6-66.20110203svn25.fc15 (2011-2396)

This update fixes CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

Fedora 13 : logwatch-7.3.6-55.fc13 (2011-2318)

This update fixes CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

logwatch security update

7.3.6-49 - Added fix for CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Resolves: 680304...

Debian DSA-2182-1 : logwatch - shell command injection

Dominik George discovered that Logwatch does not guard against shell meta-characters in crafted log file names such as those produced by Samba. As a result, an attacker might be able to execute shell commands on the system running Logwatch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[USN-1078-1] Logwatch vulnerability

=========================================================== Ubuntu Security Notice USN-1078-1 March 01, 2011 logwatch vulnerability CVE-2011-1018 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu...

CVE-2011-1018

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server...

CVE-2011-1018

CVE-2011-1018 affects Logwatch 7.3.6 (logwatch.pl) where remote attackers can execute arbitrary commands via shell metacharacters in a log file name, demonstrated via a crafted Samba username. Multiple advisories (RHEL/Oracle/OpenSUSE/MiracleLinux, CentOS/Scientific Linux/OpenVAS) reference this ...