// For flags

CVE-2011-1548

Ubuntu Security Notice USN-1172-1

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

La configuración por defecto en logrotate en Debien GNU/Linux usa privilegios de administrador para procesar archivos en directorios que permite acceso de escritura a no-administradores, lo que permite a usuarios locales conducir ataques de enlace simbólico y enlace fijo aprovechándose de la falta de soporte en logrotate para directorios no confiables, como fue desmotrado por /var/log/postgresql/.

It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-03-30 CVE Reserved
  • 2011-03-30 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (36)
URL Tag Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544 X_refsource_misc
http://openwall.com/lists/oss-security/2011/03/04/16 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/17 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/18 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/19 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/22 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/24 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/25 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/26 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/27 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/28 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/29 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/30 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/31 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/32 Mailing List
http://openwall.com/lists/oss-security/2011/03/04/33 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/4 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/05/8 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/4 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/06/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/07/11 Mailing List
http://openwall.com/lists/oss-security/2011/03/07/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/07/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/08/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/2 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/6 Mailing List
http://openwall.com/lists/oss-security/2011/03/10/7 Mailing List
http://openwall.com/lists/oss-security/2011/03/11/3 Mailing List
http://openwall.com/lists/oss-security/2011/03/11/5 Mailing List
http://openwall.com/lists/oss-security/2011/03/14/26 Mailing List
http://openwall.com/lists/oss-security/2011/03/23/11 Mailing List
http://www.securityfocus.com/bid/47167 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gentoo
Search vendor "Gentoo"
 Logrotate
Search vendor "Gentoo" for product "Logrotate"
*-
Affected
in Debian
Search vendor "Debian"
 Linux
Search vendor "Debian" for product "Linux"
*-
Safe