MDVSA-2011:065 -- Mandriva logrotateID: oval:org.secpod.oval:def:300432 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in logrotate: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place . The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name . The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service via a \n or \ character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |