CVE-2011-1098

Gentoo Logrotate < 3.7.9 - Race Condition

Title source: rule

Description

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

References (43)

[Patch] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html

[Patch] http://openwall.com/lists/oss-security/2011/03/04/16

[Patch] http://openwall.com/lists/oss-security/2011/03/07/11

[Third Party Advisory] http://secunia.com/advisories/43955

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:065

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-0407.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0791

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0872

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0961

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=680798

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/17

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/18

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/19

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/22

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/24

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/25

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/26

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/27

[Mailing List] http://openwall.com/lists/oss-security/2011/03/04/28

... and 23 more

Scores

EPSS 0.0005

EPSS Percentile 16.6%

Classification

CWE

CWE-362

Status draft

Affected Products (14)

gentoo/logrotate < 3.7.9

gentoo/logrotate

Timeline

Published Mar 30, 2011

Tracked Since Feb 18, 2026