logrotate is vulnerable to privilege escalation. The vulnerability exists because logrotate does not verify the permissions of its state file and creates the file world-readable when it does not exist, allowing an attacker to lock the state file and prevent any rotation.
www.openwall.com/lists/oss-security/2022/05/25/3
www.openwall.com/lists/oss-security/2022/05/25/4
www.openwall.com/lists/oss-security/2022/05/25/5
bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348
lists.fedoraproject.org/archives/list/[email protected]/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/
lists.fedoraproject.org/archives/list/[email protected]/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/
security-tracker.debian.org/tracker/CVE-2022-1348
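
A defender's check for the condition described in the advisory text above, added here as an example and not taken from the advisory or from logrotate: it reports whether a state file is world-readable and whether another process currently holds a lock on it. The default paths and the use of `flock()` for the lock probe are assumptions about a typical Linux installation.

```python
#!/usr/bin/env python3
"""Audit a logrotate state file for world-readable mode and a held lock."""
import fcntl
import os
import stat
import sys

# Assumed common locations; they differ by distribution. Pass a path to override.
DEFAULT_STATE_FILES = (
    "/var/lib/logrotate/logrotate.status",
    "/var/lib/logrotate/status",
)


def audit_state_file(path):
    """Return a list of finding strings for one state file (empty = clean)."""
    try:
        # O_NOFOLLOW: refuse a symlink planted in place of the state file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except FileNotFoundError:
        return ["missing: check the mode it gets when logrotate next creates it"]
    except OSError as exc:
        return [f"cannot open: {exc.strerror}"]
    findings = []
    try:
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
        if mode & stat.S_IROTH:
            findings.append(f"world-readable (mode {mode:04o}): any local user can open and lock it")
        try:
            # Non-blocking probe; released immediately so a real run is not blocked.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            fcntl.flock(fd, fcntl.LOCK_UN)
        except BlockingIOError:
            findings.append("locked by another process: expected only while logrotate itself is running")
    finally:
        os.close(fd)
    return findings


if __name__ == "__main__":
    paths = sys.argv[1:] or [p for p in DEFAULT_STATE_FILES if os.path.exists(p)]
    status = 0
    for p in paths:
        for finding in audit_state_file(p):
            print(f"{p}: {finding}")
            status = 1
    sys.exit(status)
```

Run it as root, since a correctly restricted state file cannot be opened by other users.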