Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.3
CVSSv2

CVE-2011-1548

Published: 30/03/2011 Updated: 21/04/2011
CVSS v2 Base Score: 6.3 | Impact Score: 9.2 | Exploitability Score: 3.4
VMScore: 561
Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C
Subscribe to Gentoo

Vulnerability Summary

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gentoo logrotate

Vendor Advisories

Ubuntu Security Notice: logrotate vulnerabilities
An attacker could cause logrotate to run programs, stop working, or read and write arbitrary files ...

References

CWE-264http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544http://openwall.com/lists/oss-security/2011/03/04/22http://openwall.com/lists/oss-security/2011/03/06/6http://openwall.com/lists/oss-security/2011/03/04/16http://openwall.com/lists/oss-security/2011/03/10/7http://openwall.com/lists/oss-security/2011/03/06/5http://openwall.com/lists/oss-security/2011/03/05/4http://openwall.com/lists/oss-security/2011/03/10/6http://openwall.com/lists/oss-security/2011/03/06/3http://openwall.com/lists/oss-security/2011/03/04/26http://openwall.com/lists/oss-security/2011/03/07/5http://openwall.com/lists/oss-security/2011/03/04/27http://openwall.com/lists/oss-security/2011/03/04/30http://openwall.com/lists/oss-security/2011/03/23/11http://openwall.com/lists/oss-security/2011/03/06/4http://openwall.com/lists/oss-security/2011/03/11/3http://openwall.com/lists/oss-security/2011/03/04/25http://openwall.com/lists/oss-security/2011/03/04/31http://openwall.com/lists/oss-security/2011/03/05/8http://openwall.com/lists/oss-security/2011/03/04/18http://openwall.com/lists/oss-security/2011/03/04/33http://openwall.com/lists/oss-security/2011/03/04/28http://openwall.com/lists/oss-security/2011/03/04/24http://openwall.com/lists/oss-security/2011/03/07/6http://openwall.com/lists/oss-security/2011/03/08/5http://openwall.com/lists/oss-security/2011/03/14/26http://openwall.com/lists/oss-security/2011/03/05/6http://openwall.com/lists/oss-security/2011/03/10/3http://openwall.com/lists/oss-security/2011/03/10/2http://openwall.com/lists/oss-security/2011/03/04/32http://openwall.com/lists/oss-security/2011/03/04/17http://openwall.com/lists/oss-security/2011/03/04/29http://openwall.com/lists/oss-security/2011/03/04/19http://openwall.com/lists/oss-security/2011/03/07/11http://openwall.com/lists/oss-security/2011/03/11/5http://www.securityfocus.com/bid/47167https://usn.ubuntu.com/1172-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook