CVE-2022-1348

Published: May 25, 2022
Source: redhat
CVSS3: 6.2
EPSS: Low

Description

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
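A defensive check for the condition described above, as an added example that is not part of the advisory or of logrotate itself: it reports whether a state file can be opened, and therefore locked, by any local user. The function name `audit_state_file` is hypothetical, and the two default paths are assumed from common Red Hat-family and Debian-family packaging, since this page does not name the state file location.

```python
import os
import stat
import sys

# Assumed default state-file locations (not named on this page):
# Red Hat-family and Debian-family packaging respectively.
DEFAULT_STATE_FILES = (
    "/var/lib/logrotate/logrotate.status",
    "/var/lib/logrotate/status",
)


def audit_state_file(path):
    """Report whether `path` can be opened, and therefore locked, by any local user."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # A missing file is the precondition in the advisory: the next run of a
        # logrotate older than 3.20.0 creates it world-readable.
        return {"path": path, "exists": False, "exposed": False, "mode": None}
    mode = stat.S_IMODE(st.st_mode)
    parent = stat.S_IMODE(os.stat(os.path.dirname(os.path.abspath(path))).st_mode)
    # Opening the file read-only is enough to take a lock on it, so the "other"
    # read bit is what matters; the directory must also be searchable by others.
    world_readable = bool(mode & stat.S_IROTH)
    dir_searchable = bool(parent & stat.S_IXOTH)
    return {
        "path": path,
        "exists": True,
        "mode": oct(mode),
        "owner_uid": st.st_uid,
        "exposed": world_readable and dir_searchable,
    }


def main(paths):
    exposed = False
    for path in paths or DEFAULT_STATE_FILES:
        result = audit_state_file(path)
        exposed |= result["exposed"]
        print(result)
    # Non-zero exit status lets a compliance job flag the host.
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Only the immediate parent directory is checked; a restrictive ancestor directory higher up the path would also block access.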


Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/volsync-mover-rclone-rhel8 | Not affected | | |
| Red Hat Enterprise Linux 6 | logrotate | Not affected | | |
| Red Hat Enterprise Linux 7 | logrotate | Not affected | | |
| Red Hat Enterprise Linux 8 | logrotate | Not affected | | |
| Red Hat Enterprise Linux 9 | logrotate | Fixed | RHSA-2022:8393 | 15.11.2022 |


Additional information

Status: Moderate
Defect: CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=2075074 logrotate: potential DoS from unprivileged users via the state file

EPSS

Percentile: 27%
0.00092
Low

6.2 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 3 years ago

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

CVSS3: 6.5
nvd
about 3 years ago

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

CVSS3: 6.5
msrc
about 3 years ago

No description available

CVSS3: 6.5
debian
about 3 years ago

A vulnerability was found in logrotate in how the state file is create ...

suse-cvrf
about 3 years ago

Security update for logrotate
