Gentoo Linux Security Advisory 201206-36 - Multiple vulnerabilities were found in logrotate, which could lead to arbitrary system command execution. Versions less than 3.8.0 are affected.
be9fd5a4e003c592a8e519a6693aa11f6ecc9162b5f96b4262f00bd5843d1bdeUbuntu Security Notice 1172-1 - It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.
eada5edc859cb5636e8793b60962d15ddf0ebab2fd051d849946102d688dc9bcMandriva Linux Security Advisory 2011-065 - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ddd7092fc719230ad39aafb4df1ca804827100c4f41a22bd0c33e573caa8e096
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed