Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1098

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2011-1098
Last Modified 20 Apr 2011 10:33:25
Published 30 Mar 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1098

Summary

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Vulnerable Systems

Application

  • Gentoo Logrotate 3.3

  • Gentoo Logrotate 3.5.9

  • Gentoo Logrotate 3.6.5

  • Gentoo Logrotate 3.7

  • Gentoo Logrotate 3.7.1

  • Gentoo Logrotate 3.7.2

  • Gentoo Logrotate 3.7.6

  • Gentoo Logrotate 3.7.7

  • Gentoo Logrotate 3.7.8

  • Gentoo Logrotate 3.7.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680798

MLIST - [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 CVE Request -- logrotate -- nine issues

FEDORA - FEDORA-2011-3758

VUPEN - ADV-2011-0961

VUPEN - ADV-2011-0872

VUPEN - ADV-2011-0791

REDHAT - RHSA-2011:0407

MANDRIVA - MDVSA-2011:065

SECUNIA - 43955

MLIST - [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues

FEDORA - FEDORA-2011-3739

Related Patches

Novell SUSE 2011:7533 logrotate security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:56:09