CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html Patch
http://openwall.com/lists/oss-security/2011/03/04/16 Patch
http://openwall.com/lists/oss-security/2011/03/04/17
http://openwall.com/lists/oss-security/2011/03/04/18
http://openwall.com/lists/oss-security/2011/03/04/19
http://openwall.com/lists/oss-security/2011/03/04/22
http://openwall.com/lists/oss-security/2011/03/04/24
http://openwall.com/lists/oss-security/2011/03/04/25
http://openwall.com/lists/oss-security/2011/03/04/26
http://openwall.com/lists/oss-security/2011/03/04/27
http://openwall.com/lists/oss-security/2011/03/04/28
http://openwall.com/lists/oss-security/2011/03/04/29
http://openwall.com/lists/oss-security/2011/03/04/30
http://openwall.com/lists/oss-security/2011/03/04/31
http://openwall.com/lists/oss-security/2011/03/04/32
http://openwall.com/lists/oss-security/2011/03/04/33
http://openwall.com/lists/oss-security/2011/03/05/4
http://openwall.com/lists/oss-security/2011/03/05/6
http://openwall.com/lists/oss-security/2011/03/05/8
http://openwall.com/lists/oss-security/2011/03/06/3
http://openwall.com/lists/oss-security/2011/03/06/4
http://openwall.com/lists/oss-security/2011/03/06/5
http://openwall.com/lists/oss-security/2011/03/06/6
http://openwall.com/lists/oss-security/2011/03/07/11
http://openwall.com/lists/oss-security/2011/03/07/5
http://openwall.com/lists/oss-security/2011/03/07/6
http://openwall.com/lists/oss-security/2011/03/08/5
http://openwall.com/lists/oss-security/2011/03/10/2
http://openwall.com/lists/oss-security/2011/03/10/3
http://openwall.com/lists/oss-security/2011/03/10/6
http://openwall.com/lists/oss-security/2011/03/10/7
http://openwall.com/lists/oss-security/2011/03/11/3
http://openwall.com/lists/oss-security/2011/03/11/5
http://openwall.com/lists/oss-security/2011/03/14/26 Patch
http://openwall.com/lists/oss-security/2011/03/23/11
http://secunia.com/advisories/43955
http://www.mandriva.com/security/advisories?name=MDVSA-2011:065
http://www.redhat.com/support/errata/RHSA-2011-0407.html
http://www.vupen.com/english/advisories/2011/0791 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0872
http://www.vupen.com/english/advisories/2011/0961
https://bugzilla.redhat.com/show_bug.cgi?id=680797 Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html Patch
http://openwall.com/lists/oss-security/2011/03/04/16 Patch
http://openwall.com/lists/oss-security/2011/03/04/17
http://openwall.com/lists/oss-security/2011/03/04/18
http://openwall.com/lists/oss-security/2011/03/04/19
http://openwall.com/lists/oss-security/2011/03/04/22
http://openwall.com/lists/oss-security/2011/03/04/24
http://openwall.com/lists/oss-security/2011/03/04/25
http://openwall.com/lists/oss-security/2011/03/04/26
http://openwall.com/lists/oss-security/2011/03/04/27
http://openwall.com/lists/oss-security/2011/03/04/28
http://openwall.com/lists/oss-security/2011/03/04/29
http://openwall.com/lists/oss-security/2011/03/04/30
http://openwall.com/lists/oss-security/2011/03/04/31
http://openwall.com/lists/oss-security/2011/03/04/32
http://openwall.com/lists/oss-security/2011/03/04/33
http://openwall.com/lists/oss-security/2011/03/05/4
http://openwall.com/lists/oss-security/2011/03/05/6
http://openwall.com/lists/oss-security/2011/03/05/8
http://openwall.com/lists/oss-security/2011/03/06/3
http://openwall.com/lists/oss-security/2011/03/06/4
http://openwall.com/lists/oss-security/2011/03/06/5
http://openwall.com/lists/oss-security/2011/03/06/6
http://openwall.com/lists/oss-security/2011/03/07/11
http://openwall.com/lists/oss-security/2011/03/07/5
http://openwall.com/lists/oss-security/2011/03/07/6
http://openwall.com/lists/oss-security/2011/03/08/5
http://openwall.com/lists/oss-security/2011/03/10/2
http://openwall.com/lists/oss-security/2011/03/10/3
http://openwall.com/lists/oss-security/2011/03/10/6
http://openwall.com/lists/oss-security/2011/03/10/7
http://openwall.com/lists/oss-security/2011/03/11/3
http://openwall.com/lists/oss-security/2011/03/11/5
http://openwall.com/lists/oss-security/2011/03/14/26 Patch
http://openwall.com/lists/oss-security/2011/03/23/11
http://secunia.com/advisories/43955
http://www.mandriva.com/security/advisories?name=MDVSA-2011:065
http://www.redhat.com/support/errata/RHSA-2011-0407.html
http://www.vupen.com/english/advisories/2011/0791 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0872
http://www.vupen.com/english/advisories/2011/0961
https://bugzilla.redhat.com/show_bug.cgi?id=680797 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*

History

21 Nov 2024, 01:25

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html - Patch () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html - Patch
References () http://openwall.com/lists/oss-security/2011/03/04/16 - Patch () http://openwall.com/lists/oss-security/2011/03/04/16 - Patch
References () http://openwall.com/lists/oss-security/2011/03/04/17 - () http://openwall.com/lists/oss-security/2011/03/04/17 -
References () http://openwall.com/lists/oss-security/2011/03/04/18 - () http://openwall.com/lists/oss-security/2011/03/04/18 -
References () http://openwall.com/lists/oss-security/2011/03/04/19 - () http://openwall.com/lists/oss-security/2011/03/04/19 -
References () http://openwall.com/lists/oss-security/2011/03/04/22 - () http://openwall.com/lists/oss-security/2011/03/04/22 -
References () http://openwall.com/lists/oss-security/2011/03/04/24 - () http://openwall.com/lists/oss-security/2011/03/04/24 -
References () http://openwall.com/lists/oss-security/2011/03/04/25 - () http://openwall.com/lists/oss-security/2011/03/04/25 -
References () http://openwall.com/lists/oss-security/2011/03/04/26 - () http://openwall.com/lists/oss-security/2011/03/04/26 -
References () http://openwall.com/lists/oss-security/2011/03/04/27 - () http://openwall.com/lists/oss-security/2011/03/04/27 -
References () http://openwall.com/lists/oss-security/2011/03/04/28 - () http://openwall.com/lists/oss-security/2011/03/04/28 -
References () http://openwall.com/lists/oss-security/2011/03/04/29 - () http://openwall.com/lists/oss-security/2011/03/04/29 -
References () http://openwall.com/lists/oss-security/2011/03/04/30 - () http://openwall.com/lists/oss-security/2011/03/04/30 -
References () http://openwall.com/lists/oss-security/2011/03/04/31 - () http://openwall.com/lists/oss-security/2011/03/04/31 -
References () http://openwall.com/lists/oss-security/2011/03/04/32 - () http://openwall.com/lists/oss-security/2011/03/04/32 -
References () http://openwall.com/lists/oss-security/2011/03/04/33 - () http://openwall.com/lists/oss-security/2011/03/04/33 -
References () http://openwall.com/lists/oss-security/2011/03/05/4 - () http://openwall.com/lists/oss-security/2011/03/05/4 -
References () http://openwall.com/lists/oss-security/2011/03/05/6 - () http://openwall.com/lists/oss-security/2011/03/05/6 -
References () http://openwall.com/lists/oss-security/2011/03/05/8 - () http://openwall.com/lists/oss-security/2011/03/05/8 -
References () http://openwall.com/lists/oss-security/2011/03/06/3 - () http://openwall.com/lists/oss-security/2011/03/06/3 -
References () http://openwall.com/lists/oss-security/2011/03/06/4 - () http://openwall.com/lists/oss-security/2011/03/06/4 -
References () http://openwall.com/lists/oss-security/2011/03/06/5 - () http://openwall.com/lists/oss-security/2011/03/06/5 -
References () http://openwall.com/lists/oss-security/2011/03/06/6 - () http://openwall.com/lists/oss-security/2011/03/06/6 -
References () http://openwall.com/lists/oss-security/2011/03/07/11 - () http://openwall.com/lists/oss-security/2011/03/07/11 -
References () http://openwall.com/lists/oss-security/2011/03/07/5 - () http://openwall.com/lists/oss-security/2011/03/07/5 -
References () http://openwall.com/lists/oss-security/2011/03/07/6 - () http://openwall.com/lists/oss-security/2011/03/07/6 -
References () http://openwall.com/lists/oss-security/2011/03/08/5 - () http://openwall.com/lists/oss-security/2011/03/08/5 -
References () http://openwall.com/lists/oss-security/2011/03/10/2 - () http://openwall.com/lists/oss-security/2011/03/10/2 -
References () http://openwall.com/lists/oss-security/2011/03/10/3 - () http://openwall.com/lists/oss-security/2011/03/10/3 -
References () http://openwall.com/lists/oss-security/2011/03/10/6 - () http://openwall.com/lists/oss-security/2011/03/10/6 -
References () http://openwall.com/lists/oss-security/2011/03/10/7 - () http://openwall.com/lists/oss-security/2011/03/10/7 -
References () http://openwall.com/lists/oss-security/2011/03/11/3 - () http://openwall.com/lists/oss-security/2011/03/11/3 -
References () http://openwall.com/lists/oss-security/2011/03/11/5 - () http://openwall.com/lists/oss-security/2011/03/11/5 -
References () http://openwall.com/lists/oss-security/2011/03/14/26 - Patch () http://openwall.com/lists/oss-security/2011/03/14/26 - Patch
References () http://openwall.com/lists/oss-security/2011/03/23/11 - () http://openwall.com/lists/oss-security/2011/03/23/11 -
References () http://secunia.com/advisories/43955 - () http://secunia.com/advisories/43955 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 -
References () http://www.redhat.com/support/errata/RHSA-2011-0407.html - () http://www.redhat.com/support/errata/RHSA-2011-0407.html -
References () http://www.vupen.com/english/advisories/2011/0791 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0791 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0872 - () http://www.vupen.com/english/advisories/2011/0872 -
References () http://www.vupen.com/english/advisories/2011/0961 - () http://www.vupen.com/english/advisories/2011/0961 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=680797 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=680797 - Patch

Information

Published : 2011-03-30 22:55

Updated : 2024-11-21 01:25


NVD link : CVE-2011-1155

Mitre link : CVE-2011-1155

CVE.ORG link : CVE-2011-1155


JSON object : View

Products Affected

gentoo

  • logrotate
CWE
CWE-399

Resource Management Errors