PT-2011-1092 · Red Hat+1 · Logrotate+2

Published: 2011-03-30 · Updated: 2024-09-19 · CVE-2011-1098

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

logrotate versions 3.7.9 and earlier
logrotate versions prior to 3.8.0

Description

The issue is related to a race condition in the createOutputFile function in logrotate.c, allowing local users to read log data by opening a file before the intended permissions are in place. Multiple vulnerabilities in the logrotate package can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally.

Recommendations

For logrotate versions 3.7.9 and earlier, update to version 3.8.0 or later. For logrotate versions prior to 3.8.0, update to version 3.8.0 or later. As a temporary workaround, consider restricting access to sensitive log data until a patch is available.
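
The class of race named in the description, as an added C illustration (not logrotate's code and not part of this advisory): a file created with default permissions and tightened afterwards is briefly readable by other local users, while creating it owner-only and then applying the final mode through the descriptor closes that window. The function names, the sample path and the modes are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the file, record the mode visible to other
 * users right after creation, then apply final_mode via the descriptor. */
static int create_then_set(const char *path, mode_t create_mode,
                           mode_t final_mode, mode_t *seen_at_creation)
{
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, create_mode);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || fchmod(fd, final_mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    *seen_at_creation = st.st_mode & 07777;
    return fd;
}

/* Racy: the file carries umask-default permissions until fchmod() runs. */
int create_log_racy(const char *path, mode_t final_mode, mode_t *seen)
{
    return create_then_set(path, 0666, final_mode, seen);
}

/* Hardened: owner-only from creation, never wider than final_mode. */
int create_log_restricted(const char *path, mode_t final_mode, mode_t *seen)
{
    return create_then_set(path, (S_IRUSR | S_IWUSR) & final_mode,
                           final_mode, seen);
}

int main(void)
{
    const char *path = "demo_rotated.log"; /* constructed sample name */
    mode_t seen = 0;
    umask(022);
    unlink(path);
    int fd = create_log_racy(path, 0600, &seen);
    printf("racy:       mode at creation %04o\n", (unsigned)seen);
    if (fd >= 0) { close(fd); unlink(path); }
    fd = create_log_restricted(path, 0600, &seen);
    printf("restricted: mode at creation %04o\n", (unsigned)seen);
    if (fd >= 0) { close(fd); unlink(path); }
    return 0;
}
```

With a umask of 022 the racy variant exposes the new file as 0644 until the mode change lands, whereas the restricted variant is 0600 from the moment it exists.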

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2093
ALT-PU-2023-1925
ALT-PU-2024-11877
ALT-PU-2024-12867
BDU:2015-06014
BDU:2015-06015
BDU:2015-09654
CVE-2011-1098
OPENSUSE-SU-2024:10231-1
RHSA-2011:0407
RHSA-2011_0407

Affected Products

Alt Linux
Red Hat
Logrotate