{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-04-21T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "43955", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43955"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "ADV-2011-0961", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "FEDORA-2011-3739", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "ADV-2011-0791", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"name": "MDVSA-2011:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "FEDORA-2011-3758", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "RHSA-2011:0407", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "ADV-2011-0872", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.645Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "43955", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43955"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "ADV-2011-0961", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "FEDORA-2011-3739", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "ADV-2011-0791", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"name": "MDVSA-2011:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "FEDORA-2011-3758", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "RHSA-2011:0407", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "ADV-2011-0872", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1098", "datePublished": "2011-03-30T22:00:00", "dateReserved": "2011-02-24T00:00:00", "dateUpdated": "2024-08-06T22:14:27.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155", "versionEndIncluding": "3.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*", "matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*", "matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*", "matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*", "matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*", "matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos."}], "id": "CVE-2011-1098", "lastModified": "2024-11-21T01:25:31.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-30T22:55:02.253", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43955"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0407", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "logrotate-0:3.7.8-12.el6_0.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-03-31T00:00:00Z"}], "bugzilla": {"description": "logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]", "id": "680798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-367", "details": ["Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place."], "name": "CVE-2011-1098", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "logrotate", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "logrotate", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1098\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1098"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "threat_severity": "Low"}