GLSA-201206-36 : logrotate: Multiple vulnerabilities

NASLDB: GLSA-201206-36 : logrotate: Multiple vulnerabilities

General

ID: 59709
Name: GLSA-201206-36 : logrotate: Multiple vulnerabilities

Summary: Checks for updated package(s) in /var/db/pkg

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Gentoo Local Security Checks
Type: Local

Description

The remote host is affected by the vulnerability described in GLSA-201206-36
(logrotate: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in logrotate. Please
review the CVE identifiers referenced below for details.

Impact :

A local attacker could use this flaw to truncate arbitrary system file,
to change file owner or mode on arbitrary system files, to conduct
symlink attacks and send arbitrary system files, to execute arbitrary
system commands, to cause abort in subsequent logrotate runs, to disclose
sensitive information, to execute arbitrary code or cause a Denial of
Service condition.

Workaround :

There is no known workaround at this time.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-1098
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/06/25
Plugin Release: 2012/06/26

Plugin

Version: 1.1
Filename: gentoo_GLSA-201206-36.nasl
Filesize: 3492 bytes
MD5 Hash: f4017379dc6e0aafca74c8ead1d1e87b

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG