Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.3
CVE Id CVE-2011-1550
Last Modified 07 Apr 2011 12:00:00
Published 30 Mar 2011 06:55:02
Confidentiality Impact NONE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1550

Summary

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Vulnerable Systems

Application

  • Gentoo Logrotate


References

MLIST - [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues

MLIST - [oss-security] 20110304 CVE Request -- logrotate -- nine issues

Related Patches

Novell SUSE 2012:5745 logrotate recommended update for SLE 11 SP1 i586

Novell SUSE 2012:5745 logrotate recommended update for SLE 11 SP1 x86_64

Novell SUSE 2012:7947 logrotate recommended update for SLE 10 SP4 i586

Novell SUSE 2012:7947 logrotate recommended update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:22