{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-30T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1550", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.924Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1550", "datePublished": "2011-03-30T22:00:00Z", "dateReserved": "2011-03-30T00:00:00Z", "dateUpdated": "2024-09-16T20:37:56.047Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*", "matchCriteriaId": "24285EAC-E6BE-421E-B6C1-35CF176769E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:novell:opensuse_factory:*:*:*:*:*:*:*:*", "matchCriteriaId": "882DC849-895C-4BD7-91AA-A8F38F418300", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar ficheros en directorios que permite a un no-adminitrador acceso de escritura, lo que permite a usuarios locales conducir ataques de enlace simb\u00f3lico y enlace fijo aprovech\u00e1ndose de la falta de soporte en logrotate para directorios no confiables, como se demostr\u00f3 en directorios para el (1) cobbler, (2) inn, (3) safte-monitor, y (4) paquetes uccp."}], "id": "CVE-2011-1550", "lastModified": "2024-11-21T01:26:34.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-30T22:55:02.707", "references": [{"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/04/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/05/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/06/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/07/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/08/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/10/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/11/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/14/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/23/11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}