{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-04-21T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "43955", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43955"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "ADV-2011-0961", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "FEDORA-2011-3739", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "ADV-2011-0791", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"name": "MDVSA-2011:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "FEDORA-2011-3758", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "RHSA-2011:0407", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "ADV-2011-0872", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.899Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "43955", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43955"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "ADV-2011-0961", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "FEDORA-2011-3739", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "ADV-2011-0791", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"name": "MDVSA-2011:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "FEDORA-2011-3758", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "RHSA-2011:0407", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "ADV-2011-0872", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1154", "datePublished": "2011-03-30T22:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:14:27.899Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB1E3AD-DFB4-4A8F-9753-0049B41BC155", "versionEndIncluding": "3.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*", "matchCriteriaId": "9E2EEED0-4022-467B-9EBF-E6DA61B16B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "2BE715C9-9C25-4998-90D3-556E53B177B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*", "matchCriteriaId": "812F126C-8855-468A-B723-24C8AEF325E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAAE7BE5-701A-4A90-8163-5ABAC49121CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*", "matchCriteriaId": "A142B712-B06E-4E87-B7A8-DE12E94C25EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "22668C8E-3C09-4DF2-91B2-C2F699AF8A79", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "61673333-B183-4C09-9012-D78E05FE48EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*", "matchCriteriaId": "C54EBB10-0359-444F-9726-0406D6F8DD40", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*", "matchCriteriaId": "810F039B-E454-446B-94D2-97C67B814483", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EACBE194-176D-40BD-AA9E-4179D25A48EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7FA8A482-13E0-4B01-A32F-7AB46FED3ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "47E3950C-3FBB-41D8-BBA7-FEAB540859A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "BEB650B0-8CDB-4DE9-94CE-48E78A453262", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."}, {"lang": "es", "value": "La funci\u00f3n shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos v\u00eda metacaracteres de la shell en un fichero de registro, como lo demuestra un nombre de archivo que es contruido de forma autom\u00e1tica sobre la base de un nombre de host o m\u00e1quina virtual."}], "id": "CVE-2011-1154", "lastModified": "2024-11-21T01:25:40.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-30T22:55:02.360", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43955"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0407", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "logrotate-0:3.7.8-12.el6_0.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-03-31T00:00:00Z"}], "bugzilla": {"description": "logrotate: Shell command injection by using the shred configuration directive", "id": "680796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680796"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."], "name": "CVE-2011-1154", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "logrotate", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "logrotate", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1154\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1154"], "statement": "Not vulnerable. This issue did not affect the versions of logrotate as\nshipped with Red Hat Enterprise Linux 4 and 5, as they did not support\n'shred' logrotate configuration directive yet.", "threat_severity": "Moderate"}