Description
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
References (34)
Core 34
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/19
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/16
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/25
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/30
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/26
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/10/3
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/28
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/08/5
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/07/5
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/31
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/17
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/10/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/06/3
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/29
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/07/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/05/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/05/4
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/07/11
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/23/11
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/06/5
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/18
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/10/2
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/11/3
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/10/7
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/05/8
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/22
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/11/5
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/27
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/32
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/14/26
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/24
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/06/4
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/06/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/04/33
Scores
EPSS
0.0004
EPSS Percentile
13.9%
Details
CWE
CWE-264
Status
published
Products (1)
gentoo/logrotate
Published
Mar 30, 2011
Tracked Since
Feb 18, 2026