CVE-2011-1154
30.03.2011, 22:55
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | 𝑥 ≤ 3.7.9 |
| gentoo | logrotate | 3.3:r2 |
| gentoo | logrotate | 3.5.9 |
| gentoo | logrotate | 3.5.9:r1 |
| gentoo | logrotate | 3.6.5 |
| gentoo | logrotate | 3.6.5:r1 |
| gentoo | logrotate | 3.7 |
| gentoo | logrotate | 3.7.1 |
| gentoo | logrotate | 3.7.1:r1 |
| gentoo | logrotate | 3.7.1:r2 |
| gentoo | logrotate | 3.7.2 |
| gentoo | logrotate | 3.7.6 |
| gentoo | logrotate | 3.7.7 |
| gentoo | logrotate | 3.7.8 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References