Date: Thu, 10 Mar 2011 19:08:38 +0100 From: Florian Zumbiehl <florz@...rz.de> To: Josh Bressers <bressers@...hat.com> Cc: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org>, Stefan Fritsch <sf@...itsch.de>, Petr Uzel <petr.uzel@...e.cz>, Thomas Biege <thomas@...e.de>, Jan Kalu??a <jkaluza@...hat.com> Subject: Re: CVE Request -- logrotate -- nine issues Hi, > > > 8) Issue #8: logrotate: TOCTOU race condition by creation of new > > > files (between opening the file and moment, final permissions have > > > been applied) [information disclosure] > > > > > > > Let' use CVE-2011-1098 for this. What about these?: | However, I think that still #6 (shell injection) and #7 (logrotate | DoS with strange characters in file names) should be considered | vulnerabilities in logrotate: It would be reasonable to assume that you | can use user input that's a valid (slash-less) filename as a (part of a) | log file name (assuming that the program is running as the same user that | inspects and rotates the logs, so the log directory being writable by | the program would not be insecure per-se) without that file name being | interpreted by a shell or causing logrotate to stop functioning, | respectively. Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ