exploitDog

GHSA-x7w4-r6vr-7hqw

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

Ссылки

EPSS

Процентиль: 19%

0.00059

Низкий

CVE ID

Связанные уязвимости

CVE-2011-1548

ubuntu

почти 15 лет назад

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

CVE-2011-1548

nvd

почти 15 лет назад

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

CVE-2011-1548

debian

почти 15 лет назад

The default configuration of logrotate on Debian GNU/Linux uses root p ...

EPSS

Процентиль: 19%

0.00059

Низкий

CVE ID