Gentoo Logrotate vulnerabilities
3 known vulnerabilities affecting gentoo/logrotate.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1LOW2
Vulnerabilities
Page 1 of 1
CVE-2011-1154MEDIUMCVSS 6.9≤ 3.7.9v3.3+8 more2011-03-30
CVE-2011-1154 [MEDIUM] CWE-20 CVE-2011-1154: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
nvd
CVE-2011-1155LOWCVSS 1.9≤ 3.7.9v3.3+8 more2011-03-30
CVE-2011-1155 [LOW] CWE-399 CVE-2011-1155: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
nvd
CVE-2011-1098LOWCVSS 1.9≤ 3.7.9v3.3+8 more2011-03-30
CVE-2011-1098 [LOW] CWE-362 CVE-2011-1098: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
nvd