Logrotate Project Logrotate vulnerabilities

5 known vulnerabilities affecting logrotate_project/logrotate.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3, LOW 2

Vulnerabilities

CVE-2022-1348 | MEDIUM | CVSS 6.5 | ≥ 3.17.0, < 3.20.0 | logrotate versions before 3.20.0 | 2022-05-25
CVE-2022-1348 [MEDIUM] CWE-732: A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any ro
nvd, osv
CVE-2011-1548 | MEDIUM | CVSS 6.3 | ≥ 0, < 3.7.8-6 | 2011-03-30
CVE-2011-1548 [MEDIUM]: The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/p
osv
CVE-2011-1154 | MEDIUM | CVSS 6.9 | ≥ 0, < 3.8.0-1 | 2011-03-30
CVE-2011-1154 [MEDIUM]: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
osv
CVE-2011-1098 | LOW | CVSS 1.9 | ≥ 0, < 3.8.0-1 | 2011-03-30
CVE-2011-1098 [LOW]: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
osv
CVE-2011-1155 | LOW | CVSS 1.9 | ≥ 0, < 3.8.0-1 | 2011-03-30
CVE-2011-1155 [LOW]: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
osv