Описание
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | released | 3.7.8-6ubuntu4 |
| hardy | not-affected | code not present |
| karmic | ignored | end of life |
| lucid | released | 3.7.8-4ubuntu2.2 |
| maverick | released | 3.7.8-6ubuntu1.1 |
| natty | released | 3.7.8-6ubuntu3.1 |
| upstream | needs-triage |
Показывать по
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
EPSS
6.9 Medium
CVSS2