oss-sec mailing list archives
Re: CVE Request -- logrotate -- nine issues
From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Mar 2011 17:06:02 -0400 (EDT)
6) Issue #6: logrotate: Shell command injection by using the shred configuration directive

A shell command injection flaw was found in the way the logrotate utility handled the shred configuration directive (intended to ensure the log files are not readable after their scheduled deletion). A local attacker could use this flaw to execute arbitrary system commands (if logrotate was run under a privileged system user account, root) when the logrotate utility was run on a log file within an attacker-controllable directory.

References:
[10] https://bugzilla.redhat.com/show_bug.cgi?id=680796

Proposed patch:
[11] https://bugzilla.redhat.com/show_bug.cgi?id=680796#c5

Note: Sixth CVE required. The shred option was introduced in logrotate v3.7.5.
Please use CVE-2011-1154 for the above issue
----------

7) Issue #7: logrotate: DoS due to improper escaping of file names within 'write state' action

A denial of service flaw was found in the way the logrotate utility performed argument sanitization when performing the 'write state' action. A local attacker could use this flaw to cause an abort in subsequent logrotate runs via a specially-crafted log file name.

References:
[12] https://bugzilla.redhat.com/show_bug.cgi?id=680797

Proposed patch:
[13] https://bugzilla.redhat.com/show_bug.cgi?id=680797#c3
Please use CVE-2011-1155 for the above issue

Thanks.

--
JB
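Added illustration, not code from logrotate or from this thread: the two general remedies for the defect classes in issues #6 and #7, in Python. `shred_argv` hands the file name to an exec-style call as one argument instead of splicing it into a shell command line (contrasted with `shred_unsafe_command`, which `shell_words` re-tokenizes the way /bin/sh would), and `write_state`/`read_state` escape and round-trip file names for an assumed, simplified state-file format so that a crafted name cannot break the next run's parse.

```python
import shlex

def shred_argv(path: str, iterations: int = 3) -> list:
    """Argument vector for exec-style use (subprocess.run, no shell): the name
    is one argv element that no shell re-parses; '--' guards a leading '-'."""
    return ["shred", "-u", "-n", str(iterations), "--", path]

def shred_unsafe_command(path: str, iterations: int = 3) -> str:
    """The pattern behind issue #6: the name is spliced into a command string
    that a shell will re-tokenize (kept only for contrast; never run it)."""
    return f"shred -u -n {iterations} {path}"

def shell_words(command: str) -> list:
    """How a POSIX shell would split the command string (shlex rules)."""
    return shlex.split(command)

def encode_state_name(name: str) -> str:
    """Quote a name for one state-file line; backslash, '"' and newline are
    the characters that would otherwise break the line or its closing quote."""
    escaped = name.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
    return f'"{escaped}"'

def write_state(entries: dict) -> str:
    """Serialize {log name: last-rotation date}. The '"name" date' line format
    is an assumed, simplified one, not logrotate's own state file."""
    return "".join(f"{encode_state_name(n)} {d}\n" for n, d in entries.items())

def read_state(text: str) -> dict:
    """Parse write_state() output, undoing the escapes. A line whose quoted
    name never terminates is reported, not silently truncated."""
    entries: dict = {}
    for line in text.split("\n"):  # only '\n' splits; it is always escaped in names
        if not line.startswith('"'):
            continue  # blank line or header
        chars, i, pending_escape = [], 1, False
        while i < len(line):
            c, i = line[i], i + 1
            if pending_escape:
                chars.append("\n" if c == "n" else c)
                pending_escape = False
            elif c == "\\":
                pending_escape = True
            elif c == '"':
                break
            else:
                chars.append(c)
        else:
            raise ValueError(f"unterminated file name in state line: {line!r}")
        entries["".join(chars)] = line[i:].strip()
    return entries
```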