CVE-2011-1018

Опубликовано: 16 фев. 2011

Источник: redhat

CVSS2: 7.9

EPSS Средний

Описание

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	logwatch	Not affected
Red Hat Enterprise Linux 5	logwatch	Fixed	RHSA-2011:0324	07.03.2011
Red Hat Enterprise Linux 6	logwatch	Fixed	RHSA-2011:0324	07.03.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-73->CWE-78

https://bugzilla.redhat.com/show_bug.cgi?id=680237logwatch: Privilege escalation due improper sanitization of special characters in log file names

EPSS

Процентиль: 96%

0.22714

Средний

7.9 High

CVSS2

Связанные уязвимости

CVE-2011-1018

ubuntu

больше 14 лет назад

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

CVE-2011-1018

nvd

больше 14 лет назад

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

CVE-2011-1018

debian

больше 14 лет назад

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbit ...

GHSA-g657-whx2-ph73

github

около 3 лет назад

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

ELSA-2011-0324

oracle-oval

больше 14 лет назад

ELSA-2011-0324: logwatch security update (IMPORTANT)

EPSS

Процентиль: 96%

0.22714

Средний

7.9 High

CVSS2