Logrotate
by File Project
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1348 | 0.00 | — | 0.01 | May 25, 2022 | A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable… | |||
| CVE-2011-1550 | 0.00 | — | 0.00 | Mar 30, 2011 | The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted… | |||
| CVE-2011-1549 | 0.00 | — | 0.00 | Mar 30, 2011 | The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories,… | |||
| CVE-2011-1548 | 0.00 | — | 0.00 | Mar 30, 2011 | The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted… | |||
| CVE-2011-1155 | 0.00 | — | 0.00 | Mar 30, 2011 | The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is… | |||
| CVE-2011-1154 | 0.00 | — | 0.00 | Mar 30, 2011 | The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or… | |||
| CVE-2011-1098 | 0.00 | — | 0.00 | Mar 30, 2011 | Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. |
- CVE-2022-1348May 25, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable…
- CVE-2011-1550Mar 30, 2011risk 0.00cvss —epss 0.00
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted…
- CVE-2011-1549Mar 30, 2011risk 0.00cvss —epss 0.00
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories,…
- CVE-2011-1548Mar 30, 2011risk 0.00cvss —epss 0.00
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted…
- CVE-2011-1155Mar 30, 2011risk 0.00cvss —epss 0.00
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is…
- CVE-2011-1154Mar 30, 2011risk 0.00cvss —epss 0.00
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or…
- CVE-2011-1098Mar 30, 2011risk 0.00cvss —epss 0.00
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.