CVE-2011-1098

Опубликовано: 13 фев. 2011

Источник: redhat

CVSS2: 1.9

Описание

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Отчет

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	logrotate	Will not fix
Red Hat Enterprise Linux 5	logrotate	Will not fix
Red Hat Enterprise Linux 6	logrotate	Fixed	RHSA-2011:0407	31.03.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-367

https://bugzilla.redhat.com/show_bug.cgi?id=680798logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]

1.9 Low

CVSS2

Связанные уязвимости

CVE-2011-1098

ubuntu

около 14 лет назад

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

CVE-2011-1098

nvd

около 14 лет назад

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

CVE-2011-1098

debian

около 14 лет назад

Race condition in the createOutputFile function in logrotate.c in logr ...

GHSA-h8gr-59qr-mxm6

github

около 3 лет назад

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

ELSA-2011-0407

oracle-oval

около 14 лет назад

ELSA-2011-0407: logrotate security update (MODERATE)

1.9 Low

CVSS2