Vulnerabilities

CVE-2011-1548

by Fred · 30/03/2011

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate’s lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

Date published : 2011-03-30

http://www.securityfocus.com/bid/47167

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544

Related

Tags: Cybersecurity Alert