VYPR
Unrated severityNVD Advisory· Published Mar 30, 2011· Updated Jun 16, 2026

CVE-2011-1154

CVE-2011-1154

Description

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*range: <=3.7.9
    • cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*
  • Range: <=3.7.9

Patches

Vulnerability mechanics

References

43

News mentions

0

No linked articles in our index yet.