CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Percentile: 29.8%

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might
allow context-dependent attackers to execute arbitrary commands via shell
metacharacters in a log filename, as demonstrated by a filename that is
automatically constructed on the basis of a hostname or virtual machine
name.
Author | Note |
---|---|
mdeslaur | issue #6 shred option was introduced in logrotate 3.7.5 |