A denial of service flaw was found in the way the logrotate utility performed arguments sanitization, when performing the 'write state' action. A local attacker could use this flaw to cause abort in subsequent logrotate runs via a specially-crafted log file name.
Created attachment 481603 [details] proposed patch This patch fixes the bug by escaping line-feed and backslash and by using 2 * PATH_MAX + 16 for buffer size if PATH_MAX is defined.
Created logrotate tracking bugs for this issue Affects: fedora-all [bug 688520]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0407 https://rhn.redhat.com/errata/RHSA-2011-0407.html
Statement: The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.