Lucene search

[email protected]NVD:CVE-2011-1550

HistoryMar 30, 2011 - 10:55 p.m.

CVE-2011-1550

2011-03-3022:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

10.1%

JSON

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate’s lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Affected configurations

Nvd

Node

gentoologrotate

AND

novellopensuse_factory

VendorProductVersionCPE
gentoologrotate*cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*
novellopensuse_factory*cpe:2.3:o:novell:opensuse_factory:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	logrotate	*	cpe:2.3:a:gentoo:logrotate::::::::
novell	opensuse_factory	*	cpe:2.3:o:novell:opensuse_factory::::::::

References

openwall.com/lists/oss-security/2011/03/04/16

openwall.com/lists/oss-security/2011/03/04/17

openwall.com/lists/oss-security/2011/03/04/18

openwall.com/lists/oss-security/2011/03/04/19

openwall.com/lists/oss-security/2011/03/04/22

openwall.com/lists/oss-security/2011/03/04/24

openwall.com/lists/oss-security/2011/03/04/25

openwall.com/lists/oss-security/2011/03/04/26

openwall.com/lists/oss-security/2011/03/04/27

openwall.com/lists/oss-security/2011/03/04/28

openwall.com/lists/oss-security/2011/03/04/29

openwall.com/lists/oss-security/2011/03/04/30

openwall.com/lists/oss-security/2011/03/04/31

openwall.com/lists/oss-security/2011/03/04/32

openwall.com/lists/oss-security/2011/03/04/33

openwall.com/lists/oss-security/2011/03/05/4

openwall.com/lists/oss-security/2011/03/05/6

openwall.com/lists/oss-security/2011/03/05/8

openwall.com/lists/oss-security/2011/03/06/3

openwall.com/lists/oss-security/2011/03/06/4

openwall.com/lists/oss-security/2011/03/06/5

openwall.com/lists/oss-security/2011/03/06/6

openwall.com/lists/oss-security/2011/03/07/11

openwall.com/lists/oss-security/2011/03/07/5

openwall.com/lists/oss-security/2011/03/07/6

openwall.com/lists/oss-security/2011/03/08/5

openwall.com/lists/oss-security/2011/03/10/2

openwall.com/lists/oss-security/2011/03/10/3

openwall.com/lists/oss-security/2011/03/10/6

openwall.com/lists/oss-security/2011/03/10/7

openwall.com/lists/oss-security/2011/03/11/3

openwall.com/lists/oss-security/2011/03/11/5

openwall.com/lists/oss-security/2011/03/14/26

openwall.com/lists/oss-security/2011/03/23/11

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2011-1550

debiancve1 prion1 cvelist1 cve1 ubuntucve1