Description
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
| Release | Status | Note |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 3.7.8-6ubuntu3 |
| hardy | released | 3.7.1-3ubuntu0.8.04.1 |
| karmic | ignored | end of life |
| lucid | not-affected | 3.7.8-4ubuntu2.1 |
| maverick | not-affected | 3.7.8-6ubuntu1 |
| natty | not-affected | 3.7.8-6ubuntu3 |
| upstream | needs-triage | |
EPSS
CVSS2: 6.3 Medium