CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Race Condition
Severity
UNKNOWN
AV:L/AC:M/Au:N/C:P/I:N/A:N
Atk. Vector
LOCAL
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
gentoologrotate
𝑥
≤ 3.7.9
gentoologrotate
3.3
gentoologrotate
3.5.9
gentoologrotate
3.5.9
gentoologrotate
3.6.5
gentoologrotate
3.6.5
gentoologrotate
3.7
gentoologrotate
3.7.1
gentoologrotate
3.7.1
gentoologrotate
3.7.1
gentoologrotate
3.7.2
gentoologrotate
3.7.6
gentoologrotate
3.7.7
gentoologrotate
3.7.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
logrotate
bullseye
3.18.0-2+deb11u2
fixed
squeeze
no-dsa
bookworm
3.21.0-1
fixed
sid
3.22.0-1
fixed
trixie
3.22.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
logrotate
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
hardy
Fixed 3.7.1-3ubuntu0.8.04.1
released
dapper
ignored
References