CVE-2011-1155

Name of the Vulnerable Software and Affected Versions logrotate versions 3.7.9 and earlier logrotate versions prior to 3.8.0

Description The issue might allow context-dependent attackers to cause a denial of service via a newline or backslash character in a log filename. Multiple vulnerabilities in the logrotate package can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out locally.

Recommendations For logrotate versions 3.7.9 and earlier, update to version 3.8.0 or later to resolve the issue. For logrotate versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the writeState function in logrotate.c until a patch is available. Avoid using newline or backslash characters in log filenames to minimize the risk of exploitation.