Race Condition in Logrotate Affects Local Users by Revealing Log Data
CVE-2011-1098

Currently unrated

Key Information:

Vendor: Gentoo
Status: Logrotate
Vendor: CVE Published:; 30 March 2011

What is CVE-2011-1098?

The race condition in the createOutputFile function of logrotate prior to version 3.8.0 allows unauthorized local users to read log data by exploiting the timing of permission checks. Malicious users can open a target file before the intended permissions are established, leading to potential exposure of sensitive log information.

References

http://openwall.com/lists/oss-security/2011/03/04/19

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/03/04/16

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/03/04/25

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2011
Vulnerability Reserved
Feb 24, 2011

Gentoo

What is CVE-2011-1098?

References

Timeline