Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Mar 2011 17:06:02 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Stefan Fritsch <sf@...itsch.de>, Jan Kaluza <jkaluza@...hat.com>,
        Florian Zumbiehl <florz@...rz.de>, Paul Martin <pm@...ian.org>,
        Petr Uzel <petr.uzel@...e.cz>, Thomas Biege <thomas@...e.de>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- logrotate -- nine issues

> 
> 6) Issue #6: logrotate: Shell command injection by using the shred
> configuration directive
> 
> A shell command injection flaw was found in the way the logrotate utility
> handled shred configuration directive (intended to ensure the log files
> are not readable after their scheduled deletion). A local attacker could
> use this flaw to execute arbitrary system commands (if the logrotate was
> run under privileged system user account, root) when the logrotate
> utility was run on a log file, within attacker controllable directory.
> 
> References:
> [10] https://bugzilla.redhat.com/show_bug.cgi?id=680796
> 
> Proposed patch:
> [11] https://bugzilla.redhat.com/show_bug.cgi?id=680796#c5
> 
> Note: Sixth CVE required. The shred option has been introduced in
> logrotate v3.7.5.

Please use CVE-2011-1154 for the above issue

> ----------
> 
> 7) Issue #7: logrotate: DoS due improper escaping of file names
> within 'write state' action
> 
> A denial of service flaw was found in the way the logrotate utility
> performed arguments sanitization, when performing the 'write state'
> action.  A local attacker could use this flaw to cause abort in
> subsequent logrotate runs via a specially-crafted log file name.
> 
> References:
> [12] https://bugzilla.redhat.com/show_bug.cgi?id=680797
> 
> Proposed patch:
> [13] https://bugzilla.redhat.com/show_bug.cgi?id=680797#c3
> 

Please use CVE-2011-1155 for the above issue

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ