CVE-2011-1550

Current Description

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Basic Data

Published: March 30, 2011
Last Modified: April 07, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:N/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.3
Severity: MEDIUM
Exploitability Score: 3.4
Impact Score: 9.2
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version: 2.3; Part: Application; Vendor: Gentoo; Product: Logrotate; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *
      Version Start Including / Version End Including / Version Start Excluding / Version End Excluding: (blank)
    • OR Running on/with:
      Cpe Version: 2.3; Part: OS; Vendor: Novell; Product: Opensuse Factory; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *
      Version Start Including / Version End Including / Version Start Excluding / Version End Excluding: (blank)

Vulnerable Software List

Vendor | Product | Versions
Gentoo | Logrotate | *

References

Name | Source | URL | Tags
[oss-security] 20110304 CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/16 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/17 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/18 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/19 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/22 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/24 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/25 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/26 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/27 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/28 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/29 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/30 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/31 |
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/32 |
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/04/33 |
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/05/4 |
[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/05/6 |
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/05/8 |
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/06/3 |
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/06/4 |
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/06/5 |
[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/06/6 |
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/07/11 |
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/07/5 |
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/07/6 |
[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/08/5 |
[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/10/2 |
[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/10/3 |
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/10/6 |
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/10/7 |
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/11/3 |
[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/11/5 |
[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/14/26 |
[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues | MLIST | http://openwall.com/lists/oss-security/2011/03/23/11 |