Bug 680797 (CVE-2011-1155) - CVE-2011-1155 logrotate: DoS due improper escaping of file names within 'write state' action
Status: CLOSED ERRATA
Alias: CVE-2011-1155
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 688518 688519 688520
Reported: 2011-02-27 19:38 UTC by Jan Lieskovsky
Modified: 2021-02-24 16:25 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-07-30 13:13:30 UTC

Attachments
proposed patch (1.80 KB, patch)
2011-03-01 12:09 UTC, Jan Kaluža


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0407 0 normal SHIPPED_LIVE Moderate: logrotate security update 2011-03-31 15:16:26 UTC

Description Jan Lieskovsky 2011-02-27 19:38:57 UTC
A denial of service flaw was found in the way the logrotate utility
performed argument sanitization when performing the 'write state'
action. A local attacker could use this flaw to cause an abort in
subsequent logrotate runs via a specially-crafted log file name.

Comment 3 Jan Kaluža 2011-03-01 12:09:46 UTC
Created attachment 481603
proposed patch

This patch fixes the bug by escaping line-feed and backslash and by using 2 * PATH_MAX + 16 for buffer size if PATH_MAX is defined.
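
The escaping described in Comment 3, as an added example: this is not the attached patch and not logrotate's code. The function names, the one-record-per-line layout and the sample file names are assumptions made for illustration.

```c
#include <string.h>

/* Assumed, simplified state record: one line per log file, "<name>" <date>. */

/* Escape backslash and line-feed so a name cannot end its own record.
 * Returns the escaped length, or -1 if out is too small. Worst case doubles
 * the input length (compare the 2 * PATH_MAX + 16 buffer in Comment 3). */
int escape_name(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        int special = (*in == '\\' || *in == '\n');
        if (o + (special ? 2u : 1u) >= outsz) return -1;
        if (special) out[o++] = '\\';
        out[o++] = (*in == '\n') ? 'n' : *in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Reverse of escape_name, for reading the state back. Returns -1 on an
 * unknown or truncated escape instead of guessing. */
int unescape_name(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        char c = *in;
        if (c == '\\') {
            c = *++in;
            if (c == 'n') c = '\n';
            else if (c != '\\') return -1;
        }
        if (o + 1 >= outsz) return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Number of physical lines one record occupies when this name is written. */
int record_lines(const char *s)
{
    int n = 1;
    while (*s) n += (*s++ == '\n');
    return n;
}
```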

Comment 5 Huzaifa S. Sidhpurwala 2011-03-17 10:01:49 UTC
Created logrotate tracking bugs for this issue

Affects: fedora-all [bug 688520]

Comment 6 errata-xmlrpc 2011-03-31 15:16:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0407 https://rhn.redhat.com/errata/RHSA-2011-0407.html

Comment 8 Josh Bressers 2011-06-29 17:44:45 UTC
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.