The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://openwall.com/lists/oss-security/2011/03/04/16 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/17 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/18 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/19 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/22 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/24 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/25 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/26 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/27 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/28 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/29 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/30 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/31 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/32 - | |
References | () http://openwall.com/lists/oss-security/2011/03/04/33 - | |
References | () http://openwall.com/lists/oss-security/2011/03/05/4 - | |
References | () http://openwall.com/lists/oss-security/2011/03/05/6 - | |
References | () http://openwall.com/lists/oss-security/2011/03/05/8 - | |
References | () http://openwall.com/lists/oss-security/2011/03/06/3 - | |
References | () http://openwall.com/lists/oss-security/2011/03/06/4 - | |
References | () http://openwall.com/lists/oss-security/2011/03/06/5 - | |
References | () http://openwall.com/lists/oss-security/2011/03/06/6 - | |
References | () http://openwall.com/lists/oss-security/2011/03/07/11 - | |
References | () http://openwall.com/lists/oss-security/2011/03/07/5 - | |
References | () http://openwall.com/lists/oss-security/2011/03/07/6 - | |
References | () http://openwall.com/lists/oss-security/2011/03/08/5 - | |
References | () http://openwall.com/lists/oss-security/2011/03/10/2 - | |
References | () http://openwall.com/lists/oss-security/2011/03/10/3 - | |
References | () http://openwall.com/lists/oss-security/2011/03/10/6 - | |
References | () http://openwall.com/lists/oss-security/2011/03/10/7 - | |
References | () http://openwall.com/lists/oss-security/2011/03/11/3 - | |
References | () http://openwall.com/lists/oss-security/2011/03/11/5 - | |
References | () http://openwall.com/lists/oss-security/2011/03/14/26 - | |
References | () http://openwall.com/lists/oss-security/2011/03/23/11 - | |
References | () http://www.securityfocus.com/bid/47170 - |
Information
Published : 2011-03-30 22:55
Updated : 2024-11-21 01:26
NVD link : CVE-2011-1549
Mitre link : CVE-2011-1549
CVE.ORG link : CVE-2011-1549
JSON object : View
Products Affected
gentoo
- linux
- logrotate
CWE
CWE-264
Permissions, Privileges, and Access Controls