Vulnerability Details : CVE-2011-1098
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Products affected by CVE-2011-1098
- cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*
- cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1098
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~14% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1098
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST | |
CWE ids for CVE-2011-1098
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1098
- http://openwall.com/lists/oss-security/2011/03/04/29
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/08/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://www.redhat.com/support/errata/RHSA-2011-0407.html
  Support
- http://openwall.com/lists/oss-security/2011/03/05/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/26
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
  [SECURITY] Fedora 14 Update: logrotate-3.7.9-2.fc14
- http://openwall.com/lists/oss-security/2011/03/07/11
  oss-security - Re: CVE Request -- logrotate -- nine issues [Patch]
- http://openwall.com/lists/oss-security/2011/03/04/30
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/27
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/14/26
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:065
  mandriva.com
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html
  [SECURITY] Fedora 15 Update: logrotate-3.7.9-8.fc15 [Patch]
- http://openwall.com/lists/oss-security/2011/03/06/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/16
  oss-security - CVE Request -- logrotate -- nine issues [Patch]
- http://www.vupen.com/english/advisories/2011/0961
  Webmail | OVH- OVH
- http://openwall.com/lists/oss-security/2011/03/05/4
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/22
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/33
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/18
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/17
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/28
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/2
  oss-security - Re: CVE Request -- logrotate -- nine issues
- https://bugzilla.redhat.com/show_bug.cgi?id=680798
  680798 – (CVE-2011-1098) CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure] [Patch]
- http://openwall.com/lists/oss-security/2011/03/07/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/4
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/11/3
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/31
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/25
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/32
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/24
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/05/8
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/06/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/10/6
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/23/11
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://www.vupen.com/english/advisories/2011/0791
  Webmail | OVH- OVH [Vendor Advisory]
- http://openwall.com/lists/oss-security/2011/03/10/7
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/11/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://www.vupen.com/english/advisories/2011/0872
  Webmail | OVH- OVH
- http://openwall.com/lists/oss-security/2011/03/07/5
  oss-security - Re: CVE Request -- logrotate -- nine issues
- http://openwall.com/lists/oss-security/2011/03/04/19
  oss-security - Re: CVE Request -- logrotate -- nine issues