Vulnerabilities > Gentoo > Logrotate > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-03-30 CVE-2011-1550 Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
6.3
2011-03-30 CVE-2011-1549 Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
local
gentoo CWE-264
6.3
2011-03-30 CVE-2011-1548 Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
6.3
2011-03-30 CVE-2011-1154 Improper Input Validation vulnerability in Gentoo Logrotate
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
local
gentoo CWE-20
6.9