CVE-2011-1549

logrotate - Privilege Escalation

Description

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

Scores

EPSS 0.0006
EPSS Percentile 18.9%

Classification

CWE
CWE-264
Status draft

Affected Products (1)

gentoo/logrotate

Timeline

Published Mar 30, 2011
Tracked Since Feb 18, 2026