Vulnerability Details : CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
Exploit prediction scoring system (EPSS) score for CVE-2011-1550
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2011-1550
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.3 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:C/A:C | 3.4 | 9.2 | NIST |
CWE ids for CVE-2011-1550
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1550
- http://openwall.com/lists/oss-security/2011/03/04/29
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/08/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/05/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/26
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/07/11
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/30
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/27
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/14/26
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/16
  oss-security - CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/05/4
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/22
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/33
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/18
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/17
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/28
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/2
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/07/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/4
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/11/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/31
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/25
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/32
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/24
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/05/8
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/23/11
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/7
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/11/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/07/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/19
  oss-security - Re: CVE Request -- logrotate -- nine issues
Products affected by CVE-2011-1550
- cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:* When used together with: Novell » Opensuse Factory