Vulnerabilidad en Logrotate (CVE-2011-1155)
Gravedad CVSS v2.0:
BAJA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
30/03/2011
Última modificación:
11/04/2025
Descripción
La función writeState en logrotate.c en Logrotate v3.7.9 y anteriores podría permitir a atacantes dependientes de contexto provocar una denegación de servicio ('rotation outage') a través de (1) \n (nueva línea) o (2) caracter \ (backslash) en ficheros de traza, como se demuestra en un archivo que es construido automáticamente en la base del nombre de host o nombre de máquina virtual.
Impacto
Puntuación base 2.0
1.90
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:* | 3.7.9 (incluyendo) | |
| cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html
- http://openwall.com/lists/oss-security/2011/03/04/16
- http://openwall.com/lists/oss-security/2011/03/04/17
- http://openwall.com/lists/oss-security/2011/03/04/18
- http://openwall.com/lists/oss-security/2011/03/04/19
- http://openwall.com/lists/oss-security/2011/03/04/22
- http://openwall.com/lists/oss-security/2011/03/04/24
- http://openwall.com/lists/oss-security/2011/03/04/25
- http://openwall.com/lists/oss-security/2011/03/04/26
- http://openwall.com/lists/oss-security/2011/03/04/27
- http://openwall.com/lists/oss-security/2011/03/04/28
- http://openwall.com/lists/oss-security/2011/03/04/29
- http://openwall.com/lists/oss-security/2011/03/04/30
- http://openwall.com/lists/oss-security/2011/03/04/31
- http://openwall.com/lists/oss-security/2011/03/04/32
- http://openwall.com/lists/oss-security/2011/03/04/33
- http://openwall.com/lists/oss-security/2011/03/05/4
- http://openwall.com/lists/oss-security/2011/03/05/6
- http://openwall.com/lists/oss-security/2011/03/05/8
- http://openwall.com/lists/oss-security/2011/03/06/3
- http://openwall.com/lists/oss-security/2011/03/06/4
- http://openwall.com/lists/oss-security/2011/03/06/5
- http://openwall.com/lists/oss-security/2011/03/06/6
- http://openwall.com/lists/oss-security/2011/03/07/11
- http://openwall.com/lists/oss-security/2011/03/07/5
- http://openwall.com/lists/oss-security/2011/03/07/6
- http://openwall.com/lists/oss-security/2011/03/08/5
- http://openwall.com/lists/oss-security/2011/03/10/2
- http://openwall.com/lists/oss-security/2011/03/10/3
- http://openwall.com/lists/oss-security/2011/03/10/6
- http://openwall.com/lists/oss-security/2011/03/10/7
- http://openwall.com/lists/oss-security/2011/03/11/3
- http://openwall.com/lists/oss-security/2011/03/11/5
- http://openwall.com/lists/oss-security/2011/03/14/26
- http://openwall.com/lists/oss-security/2011/03/23/11
- http://secunia.com/advisories/43955
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A065
- http://www.redhat.com/support/errata/RHSA-2011-0407.html
- http://www.vupen.com/english/advisories/2011/0791
- http://www.vupen.com/english/advisories/2011/0872
- http://www.vupen.com/english/advisories/2011/0961
- https://bugzilla.redhat.com/show_bug.cgi?id=680797
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html
- http://openwall.com/lists/oss-security/2011/03/04/16
- http://openwall.com/lists/oss-security/2011/03/04/17
- http://openwall.com/lists/oss-security/2011/03/04/18
- http://openwall.com/lists/oss-security/2011/03/04/19
- http://openwall.com/lists/oss-security/2011/03/04/22
- http://openwall.com/lists/oss-security/2011/03/04/24
- http://openwall.com/lists/oss-security/2011/03/04/25
- http://openwall.com/lists/oss-security/2011/03/04/26
- http://openwall.com/lists/oss-security/2011/03/04/27
- http://openwall.com/lists/oss-security/2011/03/04/28
- http://openwall.com/lists/oss-security/2011/03/04/29
- http://openwall.com/lists/oss-security/2011/03/04/30
- http://openwall.com/lists/oss-security/2011/03/04/31
- http://openwall.com/lists/oss-security/2011/03/04/32
- http://openwall.com/lists/oss-security/2011/03/04/33
- http://openwall.com/lists/oss-security/2011/03/05/4
- http://openwall.com/lists/oss-security/2011/03/05/6
- http://openwall.com/lists/oss-security/2011/03/05/8
- http://openwall.com/lists/oss-security/2011/03/06/3
- http://openwall.com/lists/oss-security/2011/03/06/4
- http://openwall.com/lists/oss-security/2011/03/06/5
- http://openwall.com/lists/oss-security/2011/03/06/6
- http://openwall.com/lists/oss-security/2011/03/07/11
- http://openwall.com/lists/oss-security/2011/03/07/5
- http://openwall.com/lists/oss-security/2011/03/07/6
- http://openwall.com/lists/oss-security/2011/03/08/5
- http://openwall.com/lists/oss-security/2011/03/10/2
- http://openwall.com/lists/oss-security/2011/03/10/3
- http://openwall.com/lists/oss-security/2011/03/10/6
- http://openwall.com/lists/oss-security/2011/03/10/7
- http://openwall.com/lists/oss-security/2011/03/11/3
- http://openwall.com/lists/oss-security/2011/03/11/5
- http://openwall.com/lists/oss-security/2011/03/14/26
- http://openwall.com/lists/oss-security/2011/03/23/11
- http://secunia.com/advisories/43955
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A065
- http://www.redhat.com/support/errata/RHSA-2011-0407.html
- http://www.vupen.com/english/advisories/2011/0791
- http://www.vupen.com/english/advisories/2011/0872
- http://www.vupen.com/english/advisories/2011/0961
- https://bugzilla.redhat.com/show_bug.cgi?id=680797