Date: Mon, 14 Mar 2011 17:06:02 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Stefan Fritsch <sf@...itsch.de>, Jan Kaluza <jkaluza@...hat.com>, Florian Zumbiehl <florz@...rz.de>, Paul Martin <pm@...ian.org>, Petr Uzel <petr.uzel@...e.cz>, Thomas Biege <thomas@...e.de>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- logrotate -- nine issues > > 6) Issue #6: logrotate: Shell command injection by using the shred > configuration directive > > A shell command injection flaw was found in the way the logrotate utility > handled shred configuration directive (intended to ensure the log files > are not readable after their scheduled deletion). A local attacker could > use this flaw to execute arbitrary system commands (if the logrotate was > run under privileged system user account, root) when the logrotate > utility was run on a log file, within attacker controllable directory. > > References: >  https://bugzilla.redhat.com/show_bug.cgi?id=680796 > > Proposed patch: >  https://bugzilla.redhat.com/show_bug.cgi?id=680796#c5 > > Note: Sixth CVE required. The shred option has been introduced in > logrotate v3.7.5. Please use CVE-2011-1154 for the above issue > ---------- > > 7) Issue #7: logrotate: DoS due improper escaping of file names > within 'write state' action > > A denial of service flaw was found in the way the logrotate utility > performed arguments sanitization, when performing the 'write state' > action. A local attacker could use this flaw to cause abort in > subsequent logrotate runs via a specially-crafted log file name. > > References: >  https://bugzilla.redhat.com/show_bug.cgi?id=680797 > > Proposed patch: >  https://bugzilla.redhat.com/show_bug.cgi?id=680797#c3 > Please use CVE-2011-1155 for the above issue Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ