The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
References
Link Providers
http://openwall.com/lists/oss-security/2011/03/04/16 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/17 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/18 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/19 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/22 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/24 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/25 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/26 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/27 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/28 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/29 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/30 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/31 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/32 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/04/33 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/05/4 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/05/6 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/05/8 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/06/3 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/06/4 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/06/5 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/06/6 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/07/11 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/07/5 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/07/6 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/08/5 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/10/2 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/10/3 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/10/6 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/10/7 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/11/3 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/11/5 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/14/26 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/23/11 cve-icon cve-icon
http://www.securityfocus.com/bid/47170 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-03-30T22:00:00

Updated: 2024-08-06T22:28:41.808Z

Reserved: 2011-03-30T00:00:00

Link: CVE-2011-1549

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-03-30T22:55:02.610

Modified: 2024-11-21T01:26:34.157

Link: CVE-2011-1549

cve-icon Redhat

No data.