PT-2022-13818 · Logrotate+7

Guilherme De Almeida Suckevicz · Published 2022-05-25 · Updated 2024-09-19 · CVE-2022-1348

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: logrotate versions prior to 3.20.0

Description: A flaw was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation.

Recommendations: For logrotate versions prior to 3.20.0, update to version 3.20.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the state file to prevent unprivileged users from locking it.
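
One way to check for the condition described above and apply the workaround, as an added example that is not part of the advisory or of logrotate itself. It assumes GNU stat; the function name and the path in the usage comment are assumptions, since the state file location differs between distributions.

```shell
#!/bin/sh
# Added example, not logrotate code. Assumes GNU coreutils stat (stat -c '%a').
# Exit status: 0 = no access for "other"
#              1 = "other" can open the file (and therefore lock it)
#              2 = state file does not exist yet
#              3 = stat failed
check_logrotate_state() {
    state_file=$1

    if [ ! -e "$state_file" ]; then
        # Affected versions create the file world-readable on the next run.
        echo "MISSING: $state_file (re-check after the next logrotate run)"
        return 2
    fi

    mode=$(stat -c '%a' "$state_file") || return 3

    # The leading 0 makes the shell parse the mode as an octal constant.
    other_bits=$(( 0$mode & 07 ))

    # A file lock only needs an open descriptor, so read OR write access
    # for "other" is enough for an unprivileged user to hold the lock.
    if [ $(( other_bits & 06 )) -ne 0 ]; then
        echo "EXPOSED: $state_file has mode $mode; restrict with: chmod o-rwx $state_file"
        return 1
    fi

    echo "OK: $state_file has mode $mode"
    return 0
}

# Usage (the path is an assumption; use the one passed to logrotate -s
# or your distribution's default):
#   check_logrotate_state /var/lib/logrotate/logrotate.status
```

A MISSING result matters on versions prior to 3.20.0, because the next run recreates the file with the weak mode; upgrading is the durable fix.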

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALSA-2022:8393
ALT-PU-2022-1955
ALT-PU-2023-1925
ALT-PU-2024-11877
ALT-PU-2024-12867
AZL-9845
CVE-2022-1348
MGASA-2022-0217
OESA-2022-1724
OPENSUSE-SU-2022_2396-1
OPENSUSE-SU-2024:12108-1
RHSA-2022:8393
RHSA-2022_8393
RLSA-2022:8393
SUSE-SU-2022:2396-1
SUSE-SU-2022_2396-1
USN-5447-1

Affected Products

Alt Linux
Almalinux
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Logrotate