Bug 680795 - logrotate: Information disclosure by performing email notifications
logrotate: Information disclosure by performing email notifications
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2011-02-27 14:34 EST by Jan Lieskovsky
Modified: 2015-03-03 11:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-03-11 01:33:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-02-27 14:34:22 EST
An information disclosure flaw was found in the way the
logrotate utility performed email notifications about
rotating of out of existence log files. A local attacker
could use this flaw to conduct symlink or hardlink attacks
and send arbitrary system files (if the logrotate utility
was run under privileged system user, root) to the selected
email recipient.

Note You need to log in before you can comment on or make changes to this bug.