ID CVE-2011-1155
Summary The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
References
Vulnerable Configurations
  • cpe:2.3:a:gentoo:logrotate:3.7.1:r1
  • cpe:2.3:a:gentoo:logrotate:3.7.1:r2
  • cpe:2.3:a:gentoo:logrotate:3.7.1
  • cpe:2.3:a:gentoo:logrotate:3.7.6
  • cpe:2.3:a:gentoo:logrotate:3.6.5:r1
  • cpe:2.3:a:gentoo:logrotate:3.7
  • cpe:2.3:a:gentoo:logrotate:3.5.9:r1
  • cpe:2.3:a:gentoo:logrotate:3.6.5
  • cpe:2.3:a:gentoo:logrotate:3.7.8
  • cpe:2.3:a:gentoo:logrotate:3.7.2
  • cpe:2.3:a:gentoo:logrotate:3.7.7
  • cpe:2.3:a:gentoo:logrotate:3.5.9
  • cpe:2.3:a:gentoo:logrotate:3.3:r2
  • cpe:2.3:a:gentoo:logrotate:3.7.9
CVSS
Base: 1.9 (as of 31-03-2011 - 10:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector LOCAL
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LOGROTATE-7533.NASL
    description This update for logrotate provides the following fixes : - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place. (bnc#677336 / CVE-2011-1098) - The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. (bnc#679662 / CVE-2011-1155)
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 57224
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57224
    title SuSE 10 Security Update : logrotate (ZYPP Patch Number 7533)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16871.NASL
    description The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 85953
    published 2015-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85953
    title F5 Networks BIG-IP : logrotate vulnerability (SOL16871)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LOGROTATE-7534.NASL
    description This update for logrotate provides the following fixes : - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098). (bnc#677336) - The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155). (bnc#679662) - In addition, the missingok option has been improved
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 54829
    published 2011-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54829
    title SuSE 10 Security Update : logrotate (ZYPP Patch Number 7534)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110331_LOGROTATE_ON_SL6_X.NASL
    description A shell command injection flaw was found in the way logrotate handled the shred directive. A specially crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). Note: The shred directive is not enabled by default. (CVE-2011-1154) A race condition flaw was found in the way logrotate applied permissions when creating new log files. In some specific configurations, a local attacker could use this flaw to open new log files before logrotate applies the final permissions, possibly leading to the disclosure of sensitive information. (CVE-2011-1098) An input sanitization flaw was found in logrotate. A log file with a specially crafted file name could cause logrotate to abort when attempting to process that file a subsequent time. (CVE-2011-1155)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61004
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61004
    title Scientific Linux Security Update : logrotate on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0407.NASL
    description An updated logrotate package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files. A shell command injection flaw was found in the way logrotate handled the shred directive. A specially crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). Note: The shred directive is not enabled by default. (CVE-2011-1154) A race condition flaw was found in the way logrotate applied permissions when creating new log files. In some specific configurations, a local attacker could use this flaw to open new log files before logrotate applies the final permissions, possibly leading to the disclosure of sensitive information. (CVE-2011-1098) An input sanitization flaw was found in logrotate. A log file with a specially crafted file name could cause logrotate to abort when attempting to process that file a subsequent time. (CVE-2011-1155) All logrotate users should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 53246
    published 2011-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53246
    title RHEL 6 : logrotate (RHSA-2011:0407)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1172-1.NASL
    description It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1098) It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. (CVE-2011-1154) It was discovered that logrotate incorrectly handled certain malformed log filenames. Local attackers able to create log files with specially crafted filenames could use this issue to cause logrotate to stop processing log files, resulting in a denial of service. (CVE-2011-1155) It was discovered that logrotate incorrectly handled symlinks and hard links when processing log files. A local attacker having write access to a log file directory could use this issue to overwrite or read arbitrary files. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1548). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55648
    published 2011-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55648
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : logrotate vulnerabilities (USN-1172-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0407.NASL
    description From Red Hat Security Advisory 2011:0407 : An updated logrotate package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files. A shell command injection flaw was found in the way logrotate handled the shred directive. A specially crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). Note: The shred directive is not enabled by default. (CVE-2011-1154) A race condition flaw was found in the way logrotate applied permissions when creating new log files. In some specific configurations, a local attacker could use this flaw to open new log files before logrotate applies the final permissions, possibly leading to the disclosure of sensitive information. (CVE-2011-1098) An input sanitization flaw was found in logrotate. A log file with a specially crafted file name could cause logrotate to abort when attempting to process that file a subsequent time. (CVE-2011-1155) All logrotate users should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68243
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68243
    title Oracle Linux 6 : logrotate (ELSA-2011-0407)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-3739.NASL
    description Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 53363
    published 2011-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53363
    title Fedora 14 : logrotate-3.7.9-2.fc14 (2011-3739)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-36.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-36 (logrotate: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact : A local attacker could use this flaw to truncate arbitrary system file, to change file owner or mode on arbitrary system files, to conduct symlink attacks and send arbitrary system files, to execute arbitrary system commands, to cause abort in subsequent logrotate runs, to disclose sensitive information, to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59709
    published 2012-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59709
    title GLSA-201206-36 : logrotate: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-3758.NASL
    description Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 53199
    published 2011-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53199
    title Fedora 15 : logrotate-3.7.9-8.fc15 (2011-3758)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-065.NASL
    description Multiple vulnerabilities were discovered and corrected in logrotate : Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098). The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154). The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to the 3.7.9 version and patched to correct these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 53301
    published 2011-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53301
    title Mandriva Linux Security Advisory : logrotate (MDVSA-2011:065)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LOGROTATE-110518.NASL
    description This update for logrotate provides the following fixes : - The shred_file function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154). (bnc#679661) - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098). (bnc#677336) - The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155). (bnc#679662) - Fix handling of missingok option which previously was not working as expected.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 54827
    published 2011-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54827
    title SuSE 11.1 Security Update : logrotate (SAT Patch Number 4583)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LOGROTATE-110518.NASL
    description This update for logrotate provides the following fixes : - The shred_file function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154) (bnc#679661) - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098) (bnc#677336) - The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155) (bnc#679662)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75638
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75638
    title openSUSE Security Update : logrotate (openSUSE-SU-2011:0536-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LOGROTATE-110518.NASL
    description This update for logrotate provides the following fixes : - The shred_file function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154) (bnc#679661) - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098) (bnc#677336) - The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155) (bnc#679662)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75942
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75942
    title openSUSE Security Update : logrotate (openSUSE-SU-2011:0536-1)
redhat via4
advisories
bugzilla
id 680798
title CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]
oval
AND
  • comment logrotate is earlier than 0:3.7.8-12.el6_0.1
    oval oval:com.redhat.rhsa:tst:20110407005
  • comment logrotate is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20110407006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2011:0407
released 2011-03-31
severity Moderate
title RHSA-2011:0407: logrotate security update (Moderate)
rpms logrotate-0:3.7.8-12.el6_0.1
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=680797
fedora
  • FEDORA-2011-3739
  • FEDORA-2011-3758
mandriva MDVSA-2011:065
mlist
  • [oss-security] 20110304 CVE Request -- logrotate -- nine issues
  • [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues
  • [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues
secunia 43955
vupen
  • ADV-2011-0791
  • ADV-2011-0872
  • ADV-2011-0961
Last major update 20-04-2011 - 22:33
Published 30-03-2011 - 18:55