oss-sec mailing list archives

Re: CVE Request -- logrotate -- nine issues

From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Mar 2011 17:06:02 -0400 (EDT)


6) Issue #6: logrotate: Shell command injection by using the shred
configuration directive

A shell command injection flaw was found in the way the logrotate utility
handled shred configuration directive (intended to ensure the log files
are not readable after their scheduled deletion). A local attacker could
use this flaw to execute arbitrary system commands (if the logrotate was
run under privileged system user account, root) when the logrotate
utility was run on a log file, within attacker controllable directory.

References:
[10] https://bugzilla.redhat.com/show_bug.cgi?id=680796

Proposed patch:
[11] https://bugzilla.redhat.com/show_bug.cgi?id=680796#c5

Note: Sixth CVE required. The shred option has been introduced in
logrotate v3.7.5.


Please use CVE-2011-1154 for the above issue

----------

7) Issue #7: logrotate: DoS due improper escaping of file names
within 'write state' action

A denial of service flaw was found in the way the logrotate utility
performed arguments sanitization, when performing the 'write state'
action.  A local attacker could use this flaw to cause abort in
subsequent logrotate runs via a specially-crafted log file name.

References:
[12] https://bugzilla.redhat.com/show_bug.cgi?id=680797

Proposed patch:
[13] https://bugzilla.redhat.com/show_bug.cgi?id=680797#c3


Please use CVE-2011-1155 for the above issue

Thanks.

-- 
    JB

Current thread:

Re: CVE Request -- logrotate -- nine issues, (continued)
- - - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
  - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)