[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1549Date: (C)2011-03-30   (M)2023-12-22


The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.3
Exploit Score: 3.4
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-47170
http://openwall.com/lists/oss-security/2011/03/04/16
http://openwall.com/lists/oss-security/2011/03/04/19
http://openwall.com/lists/oss-security/2011/03/05/4
http://openwall.com/lists/oss-security/2011/03/06/3
http://openwall.com/lists/oss-security/2011/03/07/5
http://openwall.com/lists/oss-security/2011/03/08/5
http://openwall.com/lists/oss-security/2011/03/10/3
http://openwall.com/lists/oss-security/2011/03/11/3
http://openwall.com/lists/oss-security/2011/03/14/26
http://openwall.com/lists/oss-security/2011/03/23/11

CPE    2
cpe:/a:gentoo:logrotate
cpe:/o:gentoo:linux
CWE    1
CWE-264

© SecPod Technologies