cbcvebase.
CVE-2011-1018
published 2011-02-25

CVE-2011-1018: logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted…

PriorityP270critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
18.32%
96.9th percentile
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianlogwatch< logwatch 7.3.6.cvs20090906-2 (bookworm)logwatch 7.3.6.cvs20090906-2 (bookworm)
logwatchlogwatch
logwatchlogwatch>= 0 < 7.3.6.cvs20090906-27.3.6.cvs20090906-2
logwatchlogwatch>= 0 < 7.3.6.cvs20090906-27.3.6.cvs20090906-2
logwatchlogwatch>= 0 < 7.3.6.cvs20090906-27.3.6.cvs20090906-2
logwatchlogwatch>= 0 < 7.3.6.cvs20090906-27.3.6.cvs20090906-2

Detection & IOCsextracted from sources · hover to see the quote

path/var/log/httpd/fakee;who;access_log.2
filenamelogwatch.pl
  • Detect shell metacharacters (e.g., semicolons, pipes, backticks) embedded in log file names processed by logwatch.pl, particularly in Samba-generated log paths.
  • Monitor for crafted Samba usernames containing shell metacharacters, as these get reflected into log file names subsequently parsed by logwatch.
  • Alert on logwatch.pl invoking system() calls where the argument contains unsanitized log file name components with special characters such as semicolons.
  • ·Only Logwatch 7.3.6 (unpatched) is vulnerable; Debian fixed the issue in package version 7.3.6.cvs20090906-2 and RHEL 5/6 via RHSA-2011:0324.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.