CVE-2011-1549

Current Description

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

Basic Data

PublishedMarch 30, 2011
Last ModifiedApril 21, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:M/Au:N/C:N/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score6.3
SeverityMEDIUM
Exploitability Score3.4
Impact Score9.2
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationGentooLogrotate********
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGentooLinux********

Vulnerable Software List

VendorProductVersions
Gentoo Logrotate *

References

NameSourceURLTags
[oss-security] 20110304 CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/16MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/17MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/18MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/19MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/22MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/24MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/25MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/26MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/27MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/28MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/29MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/30MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/31MLIST
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/32MLIST
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/04/33MLIST
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/05/4MLIST
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/05/6MLIST
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/05/8MLIST
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/06/3MLIST
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/06/4MLIST
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/06/5MLIST
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/06/6MLIST
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/07/11MLIST
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/07/5MLIST
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/07/6MLIST
[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/08/5MLIST
[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/10/2MLIST
[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/10/3MLIST
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/10/6MLIST
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/10/7MLIST
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/11/3MLIST
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/11/5MLIST
[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/14/26MLIST
[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issueshttp://openwall.com/lists/oss-security/2011/03/23/11MLIST
47170http://www.securityfocus.com/bid/47170BID