CVE-2011-1098
Published: 30 March 2011
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Notes
| Author | Note |
|---|---|
| mdeslaur | this is issue #8 this seems to have been addressed in debian/ubuntu by the create-388608.patch patch. hardy doesn't have them (in (3.7.8-4)) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
logrotate Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Released
(3.7.1-3ubuntu0.8.04.1)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Not vulnerable
(3.7.8-4ubuntu2.1)
|
|
| maverick |
Not vulnerable
(3.7.8-6ubuntu1)
|
|
| natty |
Not vulnerable
(3.7.8-6ubuntu3)
|
|
| upstream |
Needs triage
|