CVE-2011-1548

Name of the Vulnerable Software and Affected Versions logrotate (affected versions not specified)

Description The default configuration of logrotate on Debian GNU/Linux has a security issue where it uses root privileges to process files in directories that permit non-root write access. This allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories. For example, this can be demonstrated in the /var/log/postgresql/ directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.