CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1550
https://notcve.org/view.php?id=CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. La configuración por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar ficheros en directorios que permite a un no-adminitrador acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simbólico y enlace fijo aprovechándose de la falta de soporte en logrotate para directorios no confiables, como se demostró en directorios para el (1) cobbler, (2) inn, (3) safte-monitor, y (4) paquetes uccp. • http://openwall.com/lists/oss-security/2011/03/04/16 http://openwall.com/lists/oss-security/2011/03/04/17 http://openwall.com/lists/oss-security/2011/03/04/18 http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/22 http://openwall.com/lists/oss-security/2011/03/04/24 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/26 http://openwal • CWE-264: Permissions, Privileges, and Access Controls •