PT-2011-1092 · Red Hat+1 · Logrotate+2

Published: 2011-03-30 · Updated: 2024-09-19 · CVE-2011-1098

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

logrotate versions 3.7.9 and earlier
logrotate versions prior to 3.8.0

Description

The issue is related to a race condition in the createOutputFile function in logrotate.c, allowing local users to read log data by opening a file before the intended permissions are in place. Multiple vulnerabilities in the logrotate package can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally.

Recommendations

For logrotate versions 3.7.9 and earlier, update to version 3.8.0 or later.
For logrotate versions prior to 3.8.0, update to version 3.8.0 or later.
As a temporary workaround, consider restricting access to sensitive log data until a patch is available.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2093
ALT-PU-2023-1925
ALT-PU-2024-11877
ALT-PU-2024-12867
BDU:2015-06014
BDU:2015-06015
BDU:2015-09654
CVE-2011-1098
OPENSUSE-SU-2024:10231-1
RHSA-2011:0407
RHSA-2011_0407

Affected Products

Alt Linux
Red Hat
Logrotate