Vulnerability CVE-2011-1098: Information

Description

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Severity: LOW (1.9)

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*

      End including

      3.7.9

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*

      ---