CVE-2011-1098 – logrotate: TOCTOU race condition on creation of new files (between opening the file and the moment the final permissions are applied) [information disclosure]
https://notcve.org/view.php?id=CVE-2011-1098
30 Mar 2011 — Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2011-1154 – logrotate: Shell command injection by using the shred configuration directive
https://notcve.org/view.php?id=CVE-2011-1154
30 Mar 2011 — The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-20: Improper Input Validation
CVE-2011-1155 – logrotate: DoS due to improper escaping of file names within 'write state' action
https://notcve.org/view.php?id=CVE-2011-1155
30 Mar 2011 — The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-399: Resource Management Errors