Vulnerabilities

CVE-2011-1549

by Fred · 30/03/2011

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate’s lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

Date published : 2011-03-30

http://www.securityfocus.com/bid/47170

http://openwall.com/lists/oss-security/2011/03/04/16

Related

Tags: Cybersecurity Alert