CVE Vulnerabilities

CVE-2011-1155

Published: Mar 30, 2011 | Modified: Apr 21, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) n (newline) or (2) (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Affected Software

Name Vendor Start Version End Version
Logrotate Gentoo 3.6.5 3.6.5
Logrotate Gentoo 3.7.8 3.7.8
Logrotate Gentoo 3.5.9 3.5.9
Logrotate Gentoo 3.7.6 3.7.6
Logrotate Gentoo 3.3 3.3
Logrotate Gentoo 3.7.2 3.7.2
Logrotate Gentoo 3.7 3.7
Logrotate Gentoo 3.7.1 3.7.1
Logrotate Gentoo 3.6.5 3.6.5
Logrotate Gentoo 3.5.9 3.5.9
Logrotate Gentoo 3.7.1 3.7.1
Logrotate Gentoo * 3.7.9
Logrotate Gentoo 3.7.1 3.7.1
Logrotate Gentoo 3.7.7 3.7.7

References