|
|
Log in / Subscribe / Register

Pardus alert 2011-85 (logrotate)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security]  [PLSA 2011-85] Logrotate: Race Condition 


Date:
    	      Tue, 21 Jun 2011 16:09:42 +0300


Message-ID:
    	      <201106211609.42970.meltem@pardus.org.tr>



------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-85            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-06-21
      Type: Local
------------------------------------------------------------------------

Summary
=======

A  vulnerability has  been  fixed  in  logrotate,  which  allows  local 
attackers could use this flaw  to  trick  the  logrotate  utility  into 
creating the compressed or copied file. 


Description
===========

CVE-2011-1098: 

Race condition in  the  createOutputFile  function  in  logrotate.c  in 
logrotate 3.7.9 and earlier allows local users  to  read  log  data  by 
opening a file before the intended permissions are in place. 


Affected packages:

  Pardus 2009:
    logrotate, all before 3.7.8-8-3


Resolution
==========

There are update(s) for logrotate. You  can  update  them  via  Package 
Manager or with a single command from console: 

    pisi up logrotate

References
==========

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-...
  * http://bugs.pardus.org.tr/show_bug.cgi?id=17293

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds