CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1098 – logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]
https://notcve.org/view.php?id=CVE-2011-1098
30 Mar 2011 — Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. Condición de carrera en la función createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos. Race condition in the createOutputFile function in logrotate.c in logrotate 3.7... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1154 – logrotate: Shell command injection by using the shred configuration directive
https://notcve.org/view.php?id=CVE-2011-1154
30 Mar 2011 — The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. La función shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos vía metacaracteres de la shell en un fichero de registro, como lo demue... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1155 – logrotate: DoS due improper escaping of file names within 'write state' action
https://notcve.org/view.php?id=CVE-2011-1155
30 Mar 2011 — The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. La función writeState en logrotate.c en Logrotate v3.7.9 y anteriores podría permitir a atacantes dependientes de contexto provocar una denegación de servicio ('rotat... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-399: Resource Management Errors •