An information disclosure flaw was found in the way the logrotate utility performed email notifications about rotating of out of existence log files. A local attacker could use this flaw to conduct symlink or hardlink attacks and send arbitrary system files (if the logrotate utility was run under privileged system user, root) to the selected email recipient.