Date: Fri, 11 Mar 2011 17:17:48 +0300
From: Solar Designer <>
To: Florian Zumbiehl <>
Cc:, Josh Bressers <>,
	"Steven M. Christey" <>,
	Stefan Fritsch <>, Petr Uzel <>,
	Thomas Biege <>, Jan Kaluža <>
Subject: Re: CVE Request -- logrotate -- nine issues

On Thu, Mar 10, 2011 at 10:32:43PM +0100, Florian Zumbiehl wrote:
> > > | However, I think that still #6 (shell injection) and #7 (logrotate
> > > | DoS with strange characters in file names) should be considered
> > > | vulnerabilities in logrotate: ...
> I was thinking more in the direction of an existing config that includes
> a wildcard and software that uses user input to construct file names
> that would be matched by that wildcard. An example of such software
> would be samba, which tends to create per-client-host log files named
> after those hosts. I don't have a clue whether samba could be made to
> include any shell meta characters (does it even do reverse lookups for
> that?), but I guess you get the idea.

This makes sense, and I agree that it's a reason for logrotate to treat
log filenames as potentially untrusted input.  It's probably also a
reason to get CVE ids assigned.

Thank you for explaining the attack vector here!
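
The point above, treating log file names matched by a wildcard as untrusted input, shown as an added example that is not part of the original message and is not logrotate's code. The `log.*` pattern, the sample names and the allowlist are constructed assumptions for the demonstration.

```python
import fnmatch
import os
import re
import shlex
import subprocess
import tempfile

# Constructed sample names; "log.<host>" is an assumed naming scheme for the demo.
CONSTRUCTED_NAMES = ["log.fileserver", "log.client-17", "log.host name",
                     "log.x;echo MARK", "log.$(echo MARK)", "log.a\nb"]

# Allowlist policy chosen for this example (not logrotate's own rule).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def audit_wildcard(directory, pattern):
    """Return names matched by the wildcard that fall outside the allowlist."""
    return [n for n in sorted(os.listdir(directory))
            if fnmatch.fnmatch(n, pattern) and not SAFE_NAME.fullmatch(n)]


def shell_sees(name):
    """Hand the name to sh as a positional parameter, never as script text."""
    done = subprocess.run(["sh", "-c", 'printf %s "$1"', "sh", name],
                          capture_output=True, text=True, check=True)
    return done.stdout


def shell_sees_quoted(name):
    """Fallback when a command string is unavoidable: quote before splicing."""
    done = subprocess.run("printf %s " + shlex.quote(name), shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout


def build_demo_dir():
    """Create a scratch directory holding the constructed file names."""
    directory = tempfile.mkdtemp(prefix="logaudit-")
    for name in CONSTRUCTED_NAMES:
        open(os.path.join(directory, name), "w").close()
    return directory


if __name__ == "__main__":
    demo = build_demo_dir()
    for name in audit_wildcard(demo, "log.*"):
        print("outside allowlist:", repr(name), "-> shell receives", repr(shell_sees(name)))
```

In both helpers the shell receives the file name byte for byte as data, so the metacharacters in the constructed names are never interpreted.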

