// For flags

CVE-2011-1154

logrotate: Shell command injection by using the shred configuration directive

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

La función shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos vía metacaracteres de la shell en un fichero de registro, como lo demuestra un nombre de archivo que es contruido de forma automática sobre la base de un nombre de host o máquina virtual.

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-03-03 CVE Reserved
  • 2011-03-30 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-05-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (44)
URL Tag Source
http://openwall.com/lists/oss-security/2011/03/04/16 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/17 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/18 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/19 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/22 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/24 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/25 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/26 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/27 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/28 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/29 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/30 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/31 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/32 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/33 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/4 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/8 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/4 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/07/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/07/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/08/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/2 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/7 Mailing List
http://openwall.com/lists/oss-security/2011/03/11/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/11/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/14/26 Mailing List
http://openwall.com/lists/oss-security/2011/03/23/11 Mailing List
http://secunia.com/advisories/43955 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0872 Vdb Entry
http://www.vupen.com/english/advisories/2011/0961 Vdb Entry
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html 2011-04-21
http://openwall.com/lists/oss-security/2011/03/07/11 2011-04-21
https://bugzilla.redhat.com/show_bug.cgi?id=680796 2011-03-31
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html 2011-04-21
http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 2011-04-21
http://www.redhat.com/support/errata/RHSA-2011-0407.html 2011-04-21
http://www.vupen.com/english/advisories/2011/0791 2011-04-21
https://access.redhat.com/security/cve/CVE-2011-1154 2011-03-31
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 <= 3.7.9
Search vendor "Gentoo" for product "Logrotate" and version " <= 3.7.9"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.3
Search vendor "Gentoo" for product "Logrotate" and version "3.3"
r2
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.5.9
Search vendor "Gentoo" for product "Logrotate" and version "3.5.9"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.5.9
Search vendor "Gentoo" for product "Logrotate" and version "3.5.9"
r1
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.6.5
Search vendor "Gentoo" for product "Logrotate" and version "3.6.5"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.6.5
Search vendor "Gentoo" for product "Logrotate" and version "3.6.5"
r1
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7
Search vendor "Gentoo" for product "Logrotate" and version "3.7"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.1
Search vendor "Gentoo" for product "Logrotate" and version "3.7.1"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.1
Search vendor "Gentoo" for product "Logrotate" and version "3.7.1"
r1
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.1
Search vendor "Gentoo" for product "Logrotate" and version "3.7.1"
r2
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.2
Search vendor "Gentoo" for product "Logrotate" and version "3.7.2"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.6
Search vendor "Gentoo" for product "Logrotate" and version "3.7.6"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.7
Search vendor "Gentoo" for product "Logrotate" and version "3.7.7"
-
Affected
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
 3.7.8
Search vendor "Gentoo" for product "Logrotate" and version "3.7.8"
-
Affected