CVE-2011-1098

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1098
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html Patch
http://openwall.com/lists/oss-security/2011/03/04/16 Patch
http://openwall.com/lists/oss-security/2011/03/04/17
http://openwall.com/lists/oss-security/2011/03/04/18
http://openwall.com/lists/oss-security/2011/03/04/19
http://openwall.com/lists/oss-security/2011/03/04/22
http://openwall.com/lists/oss-security/2011/03/04/24
http://openwall.com/lists/oss-security/2011/03/04/25
http://openwall.com/lists/oss-security/2011/03/04/26
http://openwall.com/lists/oss-security/2011/03/04/27
http://openwall.com/lists/oss-security/2011/03/04/28
http://openwall.com/lists/oss-security/2011/03/04/29
http://openwall.com/lists/oss-security/2011/03/04/30
http://openwall.com/lists/oss-security/2011/03/04/31
http://openwall.com/lists/oss-security/2011/03/04/32
http://openwall.com/lists/oss-security/2011/03/04/33
http://openwall.com/lists/oss-security/2011/03/05/4
http://openwall.com/lists/oss-security/2011/03/05/6
http://openwall.com/lists/oss-security/2011/03/05/8
http://openwall.com/lists/oss-security/2011/03/06/3
http://openwall.com/lists/oss-security/2011/03/06/4
http://openwall.com/lists/oss-security/2011/03/06/5
http://openwall.com/lists/oss-security/2011/03/06/6
http://openwall.com/lists/oss-security/2011/03/07/11 Patch
http://openwall.com/lists/oss-security/2011/03/07/5
http://openwall.com/lists/oss-security/2011/03/07/6
http://openwall.com/lists/oss-security/2011/03/08/5
http://openwall.com/lists/oss-security/2011/03/10/2
http://openwall.com/lists/oss-security/2011/03/10/3
http://openwall.com/lists/oss-security/2011/03/10/6
http://openwall.com/lists/oss-security/2011/03/10/7
http://openwall.com/lists/oss-security/2011/03/11/3
http://openwall.com/lists/oss-security/2011/03/11/5
http://openwall.com/lists/oss-security/2011/03/14/26
http://openwall.com/lists/oss-security/2011/03/23/11
http://secunia.com/advisories/43955
http://www.mandriva.com/security/advisories?name=MDVSA-2011:065
http://www.redhat.com/support/errata/RHSA-2011-0407.html
http://www.vupen.com/english/advisories/2011/0791 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0872
http://www.vupen.com/english/advisories/2011/0961
https://bugzilla.redhat.com/show_bug.cgi?id=680798 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.3:r2:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.5.9:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.6.5:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:r1:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.1:r2:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:logrotate:3.7.8:*:*:*:*:*:*:*
History

13 Feb 2023, 04:29

Type Values Removed Values Added
Summary CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure] Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2011:0407', 'name': 'https://access.redhat.com/errata/RHSA-2011:0407', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2011-1098', 'name': 'https://access.redhat.com/security/cve/CVE-2011-1098', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 17:17

Type Values Removed Values Added
Summary Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]
References
  • (MISC) https://access.redhat.com/errata/RHSA-2011:0407 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-1098 -
Information

Published : 2011-03-30 22:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1098

Mitre link : CVE-2011-1098

CVE.ORG link : CVE-2011-1098

JSON object : View

Products Affected

gentoo

  • logrotate
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')