Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Mon, 14 Mar 2011 17:06:02 -0400 (EDT)
From: Josh Bressers <>
Cc: Stefan Fritsch <>, Jan Kaluza <>,
        Florian Zumbiehl <>, Paul Martin <>,
        Petr Uzel <>, Thomas Biege <>,
        "Steven M. Christey" <>
Subject: Re: CVE Request -- logrotate -- nine issues

> 6) Issue #6: logrotate: Shell command injection by using the shred
> configuration directive
> A shell command injection flaw was found in the way the logrotate utility
> handled the shred configuration directive (intended to ensure the log files
> are not readable after their scheduled deletion). A local attacker could
> use this flaw to execute arbitrary system commands (if logrotate was
> run under a privileged system user account, root) when the logrotate
> utility was run on a log file within an attacker-controllable directory.
> References:
> [10]
> Proposed patch:
> [11]
> Note: Sixth CVE required. The shred option was introduced in
> logrotate v3.7.5.

Please use CVE-2011-1154 for the above issue

> ----------
> 7) Issue #7: logrotate: DoS due to improper escaping of file names
> within the 'write state' action
> A denial of service flaw was found in the way the logrotate utility
> performed argument sanitization when performing the 'write state'
> action. A local attacker could use this flaw to cause an abort in
> subsequent logrotate runs via a specially-crafted log file name.
> References:
> [12]
> Proposed patch:
> [13]

Please use CVE-2011-1155 for the above issue
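
An added example, not code from this thread and not logrotate's own, illustrating the two failure modes behind the CVE-2011-1154 and CVE-2011-1155 requests above: a log file name concatenated into a shell command line versus passed as a single argv element, and a log file name written verbatim into a state file versus escaped so that the next run can still parse it. The `echo` stand-in for shred, the simplified state-file grammar and its backslash escaping scheme are this example's own assumptions, not logrotate's actual format.

```python
"""Constructed demonstration of two ways an attacker-chosen log file name
can escape its intended interpreter (the shell, and a state-file parser).
Not logrotate's code: shred is replaced by echo so nothing on disk is
touched, and the state-file grammar is a simplified stand-in.
"""
import shlex
import subprocess

# Stand-in for the real "shred -u <file>" invocation (assumption: echo is
# used so the demonstration deletes nothing).
SHRED_STAND_IN = "echo shredding"


def vulnerable_shred(path):
    """Concatenate the file name into one command line and hand it to sh.

    Mirrors the pre-fix pattern behind CVE-2011-1154: any shell metacharacter
    in the name (';', '`', '$(...)') becomes part of the command. Returns the
    lines the shell printed so an injected command is visible.
    """
    cmd = f"{SHRED_STAND_IN} {path}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def hardened_shred(path):
    """Pass the file name as its own argv element; no shell ever parses it."""
    argv = shlex.split(SHRED_STAND_IN) + [path]
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


STATE_HEADER = "logrotate state -- version 2"


def write_state_line(path, date, escape):
    """Emit one '"<path>" <date>' record.

    escape=False writes the name verbatim, as the unfixed code did; a name
    containing a newline or a double quote then corrupts the file.
    escape=True applies this example's own backslash escaping (an assumption,
    not necessarily logrotate's exact format).
    """
    if escape:
        path = path.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
    return f'"{path}" {date}\n'


def parse_state_line(line):
    """Parse one record written by write_state_line(escape=True).

    Raises ValueError on malformed input; that is the failure a subsequent
    logrotate run would hit when it reloads a corrupted state file.
    """
    if not line.startswith('"'):
        raise ValueError(f"record does not start with a quote: {line!r}")
    chars = []
    i = 1
    while True:
        if i >= len(line):
            raise ValueError(f"unterminated quoted file name: {line!r}")
        c = line[i]
        if c == "\\":
            i += 1
            if i >= len(line):
                raise ValueError("dangling backslash")
            chars.append("\n" if line[i] == "n" else line[i])
        elif c == '"':
            break
        else:
            chars.append(c)
        i += 1
    date = line[i + 1:].strip()
    if not date:
        raise ValueError(f"missing date: {line!r}")
    return "".join(chars), date


def load_state(text):
    """Parse a whole state file into {path: date}, skipping the header line."""
    state = {}
    for line in text.splitlines():
        if not line or line == STATE_HEADER:
            continue
        path, date = parse_state_line(line)
        state[path] = date
    return state


if __name__ == "__main__":
    evil_name = "access.log; echo INJECTED"          # constructed file name
    print("vulnerable:", vulnerable_shred(evil_name))
    print("hardened:  ", hardened_shred(evil_name))

    newline_name = 'broken.log\n"/var/log/other" 2011-3-14'  # constructed
    naive = STATE_HEADER + "\n" + write_state_line(newline_name, "2011-3-14", escape=False)
    try:
        load_state(naive)
    except ValueError as exc:
        print("naive state file rejected on reload:", exc)
    safe = STATE_HEADER + "\n" + write_state_line(newline_name, "2011-3-14", escape=True)
    print("escaped state file reloads as:", load_state(safe))
```

In the vulnerable path the second command embedded in the file name actually runs (here it only echoes), while the argv form hands the whole name to the child as one argument. For the state file, the unescaped write splits the record across two lines, and the reload fails with the same kind of abort the request describes; the escaped write round-trips the name intact.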
