Rapid7 Vulnerability & Exploit Database

RHSA-2011:0407: logrotate security update


Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/30/2011
Created: 07/25/2018
Added: 04/14/2011
Modified: 07/04/2017

Description

The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files.

A shell command injection flaw was found in the way logrotate handled the shred directive. A specially-crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). Note: The shred directive is not enabled by default. (CVE-2011-1154)

A race condition flaw was found in the way logrotate applied permissions when creating new log files. In some specific configurations, a local attacker could use this flaw to open new log files before logrotate applies the final permissions, possibly leading to the disclosure of sensitive information. (CVE-2011-1098)

An input sanitization flaw was found in logrotate. A log file with a specially-crafted file name could cause logrotate to abort when attempting to process that file a subsequent time. (CVE-2011-1155)

All logrotate users should upgrade to this updated package, which contains backported patches to resolve these issues.

Solution(s)

  • redhat-upgrade-logrotate
  • redhat-upgrade-logrotate-debuginfo
