Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2011-1154
Last Modified: 20 Apr 2011 10:33:30
Published: 30 Mar 2011 06:55:02
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-1154

Summary

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Vulnerable Systems

Application

  • Gentoo Logrotate 3.3

  • Gentoo Logrotate 3.5.9

  • Gentoo Logrotate 3.6.5

  • Gentoo Logrotate 3.7

  • Gentoo Logrotate 3.7.1

  • Gentoo Logrotate 3.7.2

  • Gentoo Logrotate 3.7.6

  • Gentoo Logrotate 3.7.7

  • Gentoo Logrotate 3.7.8

  • Gentoo Logrotate 3.7.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680796

MLIST - [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues

FEDORA - FEDORA-2011-3758

VUPEN - ADV-2011-0961

VUPEN - ADV-2011-0872

VUPEN - ADV-2011-0791

REDHAT - RHSA-2011:0407

MANDRIVA - MDVSA-2011:065

SECUNIA - 43955

MLIST - [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 CVE Request -- logrotate -- nine issues

FEDORA - FEDORA-2011-3739


Last Updated: 27 May 2016 10:56:11