CVE-2011-1549

Published: 30 March 2011

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
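A defender's check for the condition described above, as an added example that is not part of this CVE entry or of logrotate itself: it walks a log tree and reports every directory that a non-root account could write to. The function names are hypothetical, and the trusted uid/gid of 0 and the `/var/log` default are assumptions taken from the description.

```python
import os
import stat
import sys


def untrusted_reasons(st, trusted_uid=0, trusted_gid=0):
    """Explain why a directory's lstat() result lets an untrusted account write to it."""
    reasons = []
    # A non-root owner can always chmod the directory, so ownership alone is a finding.
    if st.st_uid != trusted_uid:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_gid != trusted_gid and st.st_mode & stat.S_IWGRP:
        reasons.append(f"writable by gid {st.st_gid}")
    # The sticky bit does not help here: other users can still create new entries.
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_log_tree(root="/var/log", trusted_uid=0, trusted_gid=0):
    """Map each directory under root that permits non-root writes to the reasons why."""
    findings = {}
    # os.walk does not descend into symlinked directories by default and
    # silently skips directories it cannot read.
    for dirpath, _dirs, _files in os.walk(root):
        st = os.lstat(dirpath)
        if not stat.S_ISDIR(st.st_mode):
            continue  # root itself was a symlink; report nothing for it
        reasons = untrusted_reasons(st, trusted_uid, trusted_gid)
        if reasons:
            findings[dirpath] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log"
    for path, reasons in sorted(audit_log_tree(target).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Any directory it reports that is also matched by a logrotate configuration is one where rotation runs as root over paths a local user controls.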

Priority

Medium

Status

Package      Release     Status
logrotate    Upstream    Needs triage