Vulnerabilidad en función createOutputFile en logrotate.c en logrotate (CVE-2011-1098)
Gravedad CVSS v2.0:
BAJA
Tipo:
CWE-362
Ejecución concurrente utilizando recursos compartidos con una incorrecta sincronización (Condición de carrera)
Fecha de publicación:
30/03/2011
Última modificación:
11/04/2025
Descripción
Condición de carrera en la función createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos.
Impacto
Puntuación base 2.0
1.90
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:* | 3.7.9 (incluyendo) | |
| cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html
- http://openwall.com/lists/oss-security/2011/03/04/16
- http://openwall.com/lists/oss-security/2011/03/04/17
- http://openwall.com/lists/oss-security/2011/03/04/18
- http://openwall.com/lists/oss-security/2011/03/04/19
- http://openwall.com/lists/oss-security/2011/03/04/22
- http://openwall.com/lists/oss-security/2011/03/04/24
- http://openwall.com/lists/oss-security/2011/03/04/25
- http://openwall.com/lists/oss-security/2011/03/04/26
- http://openwall.com/lists/oss-security/2011/03/04/27
- http://openwall.com/lists/oss-security/2011/03/04/28
- http://openwall.com/lists/oss-security/2011/03/04/29
- http://openwall.com/lists/oss-security/2011/03/04/30
- http://openwall.com/lists/oss-security/2011/03/04/31
- http://openwall.com/lists/oss-security/2011/03/04/32
- http://openwall.com/lists/oss-security/2011/03/04/33
- http://openwall.com/lists/oss-security/2011/03/05/4
- http://openwall.com/lists/oss-security/2011/03/05/6
- http://openwall.com/lists/oss-security/2011/03/05/8
- http://openwall.com/lists/oss-security/2011/03/06/3
- http://openwall.com/lists/oss-security/2011/03/06/4
- http://openwall.com/lists/oss-security/2011/03/06/5
- http://openwall.com/lists/oss-security/2011/03/06/6
- http://openwall.com/lists/oss-security/2011/03/07/11
- http://openwall.com/lists/oss-security/2011/03/07/5
- http://openwall.com/lists/oss-security/2011/03/07/6
- http://openwall.com/lists/oss-security/2011/03/08/5
- http://openwall.com/lists/oss-security/2011/03/10/2
- http://openwall.com/lists/oss-security/2011/03/10/3
- http://openwall.com/lists/oss-security/2011/03/10/6
- http://openwall.com/lists/oss-security/2011/03/10/7
- http://openwall.com/lists/oss-security/2011/03/11/3
- http://openwall.com/lists/oss-security/2011/03/11/5
- http://openwall.com/lists/oss-security/2011/03/14/26
- http://openwall.com/lists/oss-security/2011/03/23/11
- http://secunia.com/advisories/43955
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A065
- http://www.redhat.com/support/errata/RHSA-2011-0407.html
- http://www.vupen.com/english/advisories/2011/0791
- http://www.vupen.com/english/advisories/2011/0872
- http://www.vupen.com/english/advisories/2011/0961
- https://bugzilla.redhat.com/show_bug.cgi?id=680798
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html
- http://openwall.com/lists/oss-security/2011/03/04/16
- http://openwall.com/lists/oss-security/2011/03/04/17
- http://openwall.com/lists/oss-security/2011/03/04/18
- http://openwall.com/lists/oss-security/2011/03/04/19
- http://openwall.com/lists/oss-security/2011/03/04/22
- http://openwall.com/lists/oss-security/2011/03/04/24
- http://openwall.com/lists/oss-security/2011/03/04/25
- http://openwall.com/lists/oss-security/2011/03/04/26
- http://openwall.com/lists/oss-security/2011/03/04/27
- http://openwall.com/lists/oss-security/2011/03/04/28
- http://openwall.com/lists/oss-security/2011/03/04/29
- http://openwall.com/lists/oss-security/2011/03/04/30
- http://openwall.com/lists/oss-security/2011/03/04/31
- http://openwall.com/lists/oss-security/2011/03/04/32
- http://openwall.com/lists/oss-security/2011/03/04/33
- http://openwall.com/lists/oss-security/2011/03/05/4
- http://openwall.com/lists/oss-security/2011/03/05/6
- http://openwall.com/lists/oss-security/2011/03/05/8
- http://openwall.com/lists/oss-security/2011/03/06/3
- http://openwall.com/lists/oss-security/2011/03/06/4
- http://openwall.com/lists/oss-security/2011/03/06/5
- http://openwall.com/lists/oss-security/2011/03/06/6
- http://openwall.com/lists/oss-security/2011/03/07/11
- http://openwall.com/lists/oss-security/2011/03/07/5
- http://openwall.com/lists/oss-security/2011/03/07/6
- http://openwall.com/lists/oss-security/2011/03/08/5
- http://openwall.com/lists/oss-security/2011/03/10/2
- http://openwall.com/lists/oss-security/2011/03/10/3
- http://openwall.com/lists/oss-security/2011/03/10/6
- http://openwall.com/lists/oss-security/2011/03/10/7
- http://openwall.com/lists/oss-security/2011/03/11/3
- http://openwall.com/lists/oss-security/2011/03/11/5
- http://openwall.com/lists/oss-security/2011/03/14/26
- http://openwall.com/lists/oss-security/2011/03/23/11
- http://secunia.com/advisories/43955
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A065
- http://www.redhat.com/support/errata/RHSA-2011-0407.html
- http://www.vupen.com/english/advisories/2011/0791
- http://www.vupen.com/english/advisories/2011/0872
- http://www.vupen.com/english/advisories/2011/0961
- https://bugzilla.redhat.com/show_bug.cgi?id=680798