Bug 680237 (CVE-2011-1018)
Summary: | CVE-2011-1018 logwatch: Privilege escalation due to improper sanitization of special characters in log file names | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Keywords: | Security |
Severity: | high | Priority: | high |
Version: | unspecified | CC: | bressers, mjc, rphipps+bugzredhat, rvokal, security-response-team, vkrizan |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2015-07-29 13:58:15 UTC |
Bug Depends On: | 680253, 680301, 680302, 680303, 680304, 833937 | | |
Description
Jan Lieskovsky
2011-02-24 18:52:23 UTC
This issue affects the versions of the logwatch package, as shipped with Red Hat Enterprise Linux 5, and 6.

--

This issue affects the versions of the logwatch package, as shipped with Fedora release of 13 and 14.

CVE Request:
[4] http://www.openwall.com/lists/oss-security/2011/02/24/13

Created logwatch tracking bugs for this issue

Affects: fedora-all [bug 680253]

RHEL4 is not affected. The way that version of logwatch cats log files together offloads the shell expansion to the shell. It's not terribly safe looking in code, but it works. You end up with things like

`cat /var/log/httpd/* > output`

The wildcard is passed to the shell unexpanded. From what I see, it's not getting expanded when logwatch is run.

The upstream patch appears to work. Outside using system, it appears to do it in a fairly safe manner now. I don't like using system() for this sort of thing, but that's likely outside the scope of this fix.

Should we expect updates for Red Hat Enterprise Linux 5, and 6?

Updates are in progress. Once they've passed all of our internal testing, we will release updates. Thanks.

This issue has been addressed in following products:

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5

Via RHSA-2011:0324 https://rhn.redhat.com/errata/RHSA-2011-0324.html
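The point made in the thread about leaving wildcard expansion to the shell, as an added shell example that is not logwatch code and not the upstream patch: each expanded file name reaches `cat` as one argument and is never re-parsed as command text, and an allow-list check reports names that deserve review. The function names, the temporary directory and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not logwatch code. Function names and sample files are constructed.

# Print the names in directory $1 that contain anything outside a
# conservative allow-list (letters, digits, dot, underscore, hyphen).
risky_names() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue           # an unmatched glob stays literal
        name=${f##*/}
        case $name in
            *[!A-Za-z0-9._-]*) printf '%s\n' "$name" ;;
        esac
    done
}

# Concatenate the regular files in directory $1 into file $2.
# The shell expands the glob into separate words; the results are not
# split or evaluated again, so ';', '|' or spaces in a name stay data.
concat_logs() {
    : > "$2"
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # skip directories and symlinks
        cat -- "$f" >> "$2"
    done
}

# Build a throwaway directory holding constructed sample logs.
demo_setup() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/logs"
    printf 'a\n' > "$demo_root/logs/access.log"
    printf 'b\n' > "$demo_root/logs/error log;1"
    printf 'c\n' > "$demo_root/logs/vhost|ssl.log"
}

demo_setup
risky_names "$demo_root/logs"
concat_logs "$demo_root/logs" "$demo_root/combined"
cat "$demo_root/combined"
rm -rf "$demo_root"
```

The same property is lost as soon as a file name is pasted into a command string that a shell parses again, which is why the allow-list report is worth running on any directory whose file names other users can influence.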