Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2011-1018
Last Modified 11 Feb 2014 11:27:35
Published 25 Feb 2011 02:00:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1018

Summary

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Vulnerable Systems

Application

  • Logwatch 7.3.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680237

MLIST - [oss-security] 20110224 Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names

MLIST - [oss-security] 20110224 CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names

CONFIRM - http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824

CONFIRM - http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26

VUPEN - ADV-2011-0596

VUPEN - ADV-2011-0581

VUPEN - ADV-2011-0533

UBUNTU - USN-1078-1

SECTRACK - 1025165

BID - 46554

REDHAT - RHSA-2011:0324

DEBIAN - DSA-2182

MLIST - [Logwatch-devel] 20110216 Remote command execution issue with root privileges

SECUNIA - 43734

SECUNIA - 43644

SECUNIA - 43622

SECUNIA - 43495

SECUNIA - 43356

FEDORA - FEDORA-2011-2396

FEDORA - FEDORA-2011-2318

FEDORA - FEDORA-2011-2328

SUSE - SUSE-SR:2011:005


Last Updated: 27 May 2016 10:55:12