Local Privilege Escalation in Gentoo Linux logrotate Configuration
CVE-2011-1549

Currently unrated

Key Information:

Vendor: Gentoo
Status: Logrotate
Vendor: CVE Published:; 30 March 2011

What is CVE-2011-1549?

The default configuration of logrotate in Gentoo Linux uses root privileges to manage files in directories that allow non-root write access. This improper handling enables local users to exploit the system through symlink and hard link attacks, particularly affecting log directories under /var/log/. By leveraging logrotate's insufficient support for untrusted directories, attackers can manipulate log files, potentially leading to unauthorized actions and a compromise of system integrity.

References

http://openwall.com/lists/oss-security/2011/03/04/19

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/03/04/16

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/03/04/25

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2011
Vulnerability Reserved
Mar 30, 2011