VDB
CVE-2011-1549
CVE-2011-1549
PUBLISHED
CVSS 6.300000190734863 MEDIUM
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
EPSS 0.06% · 19.3th percentile
Risk Scores
CVSS 2.0
6.300000190734863
EPSS Score
0.06%
19.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gentoo | logrotate |
Timeline
- Mar 30, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- 47170 vdb
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues mailing-list
- [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues mailing-list
…and 16 more