CVE Vulnerabilities

CVE-2011-1155

Published: Mar 30, 2011 | Modified: Apr 21, 2011
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 1.9 LOW (AV:L/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V2: 1.9 LOW (AV:L/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Logrotate | Gentoo | * | 3.7.9 (including) |
| Logrotate | Gentoo | 3.3-r2 (including) | 3.3-r2 (including) |
| Logrotate | Gentoo | 3.5.9 (including) | 3.5.9 (including) |
| Logrotate | Gentoo | 3.5.9-r1 (including) | 3.5.9-r1 (including) |
| Logrotate | Gentoo | 3.6.5 (including) | 3.6.5 (including) |
| Logrotate | Gentoo | 3.6.5-r1 (including) | 3.6.5-r1 (including) |
| Logrotate | Gentoo | 3.7 (including) | 3.7 (including) |
| Logrotate | Gentoo | 3.7.1 (including) | 3.7.1 (including) |
| Logrotate | Gentoo | 3.7.1-r1 (including) | 3.7.1-r1 (including) |
| Logrotate | Gentoo | 3.7.1-r2 (including) | 3.7.1-r2 (including) |
| Logrotate | Gentoo | 3.7.2 (including) | 3.7.2 (including) |
| Logrotate | Gentoo | 3.7.6 (including) | 3.7.6 (including) |
| Logrotate | Gentoo | 3.7.7 (including) | 3.7.7 (including) |
| Logrotate | Gentoo | 3.7.8 (including) | 3.7.8 (including) |
| Red Hat Enterprise Linux 6 | RedHat | logrotate-0:3.7.8-12.el6_0.1 | * |
| Logrotate | Ubuntu | dapper | * |
| Logrotate | Ubuntu | devel | * |
| Logrotate | Ubuntu | hardy | * |
| Logrotate | Ubuntu | karmic | * |
| Logrotate | Ubuntu | lucid | * |
| Logrotate | Ubuntu | maverick | * |
| Logrotate | Ubuntu | natty | * |
