CVE-2011-1098
Published: 30 March 2011
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Notes
Author | Note |
---|---|
mdeslaur | this is issue #8 this seems to have been addressed in debian/ubuntu by the create-388608.patch patch. hardy doesn't have them (in (3.7.8-4)) |
Priority
Status
Package | Release | Status |
---|---|---|
logrotate Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(3.7.1-3ubuntu0.8.04.1)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(3.7.8-4ubuntu2.1)
|
|
maverick |
Not vulnerable
(3.7.8-6ubuntu1)
|
|
natty |
Not vulnerable
(3.7.8-6ubuntu3)
|
|
upstream |
Needs triage
|