20 matches found
K16870: logrotate vulnerability CVE-2011-1154
Security Advisory Description: The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a...
NewStart CGSL MAIN 6.02 : logrotate Multiple Vulnerabilities (NS-SA-2022-0095)
The remote NewStart CGSL host, running version MAIN 6.02, has logrotate packages installed that are affected by multiple vulnerabilities: - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before th...
NewStart CGSL CORE 5.05 / MAIN 5.05 : logrotate Multiple Vulnerabilities (NS-SA-2022-0037)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has logrotate packages installed that are affected by multiple vulnerabilities: - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a fi...
NewStart CGSL CORE 5.04 / MAIN 5.04 : logrotate Multiple Vulnerabilities (NS-SA-2021-0108)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has logrotate packages installed that are affected by multiple vulnerabilities: - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a fi...
SOL16870 - logrotate vulnerability CVE-2011-1154
Vulnerability Recommended Actions: If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
openSUSE Security Update : logrotate (openSUSE-SU-2011:0536-1)
This update for logrotate provides the following fixes : dbg114-logrotate-4580 logrotate-4580 newupdateinfo The shredfile function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is...
Oracle Linux 6 : logrotate (ELSA-2011-0407)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2011-0407 advisory. 3.7.8-12.1 - fix 688518 - fixed CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098 Tenable has extracted the preceding description block directly from the...
Scientific Linux Security Update : logrotate on SL6.x i386/x86_64
A shell command injection flaw was found in the way logrotate handled the shred directive. A specially crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). Note: The shred directive is not enabled by default...
Ubuntu: Security Advisory (USN-1172-1)
The remote host is missing an update for the...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : logrotate vulnerabilities (USN-1172-1)
It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1098) It was discovered that logrotate incorrectly handled certain...
USN-1172-1: logrotate vulnerabilities
It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1098) It was discovered that logrotate incorrectly handled certain...
Fedora 14 : logrotate-3.7.9-2.fc14 (2011-3739)
Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Mandriva Update for logrotate MDVSA-2011:065 (logrotate)
Check for the Version of logrotate...
Mandriva Update for logrotate MDVSA-2011:065 (logrotate)
The remote host is missing an update for the...
[ MDVSA-2011:065 ] logrotate
Mandriva Linux Security Advisory MDVSA-2011:065 (http://www.mandriva.com/security/). Package: logrotate. Date: April 5, 2011. Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0. Problem Description: Multiple vulnerabilities were...
Mandriva Linux Security Advisory : logrotate (MDVSA-2011:065)
Multiple vulnerabilities were discovered and corrected in logrotate: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098). The shredfile...
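Red Hat Enterprise Linux logrotate Arbitrary Command Execution and Information Disclosure Vulnerabilities
CVE ID: CVE-2011-1155, CVE-2011-1154, CVE-2011-1098. The logrotate program simplifies the management of multiple log files, allowing automatic rotation, compression, removal, and mailing of log files. A shell command injection vulnerability exists in the way logrotate handles the shred directive; a specially crafted log file can cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root by default). Note: the shred directive is not enabled by default. A race condition vulnerability exists in the way logrotate applies permissions when creating new log files; in certain configurations, a local attacker can exploit it to open the new log file before logrotate applies the final permissions, which can lead to disclosure of sensitive information....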
CVE-2011-1154
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
CVE-2011-1154
CVE-2011-1154 affects logrotate up to version 3.7.9. The vulnerability arises in the shred_file function in logrotate.c, where a log filename containing shell metacharacters can allow context‑dependent attackers to execute arbitrary commands. Impact is improvement of command execution risk in fil...
Fedora 15 : logrotate-3.7.9-8.fc15 (2011-3758)
Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...