oss-sec mailing list archives

Re: CVE Request -- logrotate -- nine issues

From: Pavel Labushev <p.labushev () gmail com>
Date: Sat, 05 Mar 2011 03:17:57 +0700

04.03.2011 21:52, Solar Designer пишет:

I've just skimmed over the list, and I only see one issue that I'd call
a vulnerability in logrotate, issue #8.  And we need more info on #5.

The rest, as described, appear to rely on sysadmin error and to assume


Or on package maintainer error. At least in Gentoo there are packages
(ebuilds and eclasses) that create user/group-writable directories in
/var/log and enable logrotate to handle the log files there.

Current thread:

Re: CVE Request -- logrotate -- nine issues, (continued)
- - - Re: CVE Request -- logrotate -- nine issues Paul Martin (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
  - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)