漏洞信息详情
Gentoo logrotate默认配置后置链接漏洞
- CNNVD编号:CNNVD-201103-347
- 危害等级: 低危
- CVE编号: CVE-2011-1550
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2011-03-31
- 威胁类型: 本地
- 更新时间: 2011-04-01
- 厂 商: gentoo
- 漏洞来源:
漏洞简介
logrotate是一款系统日志管理软件。
基于SUSE openSUSE Factory的logrotate的默认配置使用根权限去处理目录中的文件(允许低权限用户对该文件执行写操作)。本地用户可以利用logrotate支持不可信路径的缺陷,执行符号链接和硬链接攻击。该漏洞已经通过(1)cobbler,(2)inn,(3)safte-monitor和(4)uucp包的目录得到证实。
漏洞公告
目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.opensuse.org/zh-cn/
参考网址
来源: MLIST
名称: [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/23/11
来源: MLIST
名称: [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/14/26
来源: MLIST
名称: [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/11/5
来源: MLIST
名称: [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/11/3
来源: MLIST
名称: [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/10/7
来源: MLIST
名称: [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/10/6
来源: MLIST
名称: [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/10/3
来源: MLIST
名称: [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/10/2
来源: MLIST
名称: [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/08/5
来源: MLIST
名称: [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/07/6
来源: MLIST
名称: [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/07/5
来源: MLIST
名称: [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/07/11
来源: MLIST
名称: [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/06/6
来源: MLIST
名称: [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/06/5
来源: MLIST
名称: [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/06/4
来源: MLIST
名称: [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/06/3
来源: MLIST
名称: [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/05/8
来源: MLIST
名称: [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/05/6
来源: MLIST
名称: [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/05/4
来源: MLIST
名称: [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/33
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/32
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/31
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/30
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/29
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/28
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/27
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/26
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/lists/oss-security/2011/03/04/25
来源: MLIST
名称: [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues
链接:http://openwall.com/l
受影响实体
- Gentoo Logrotate
补丁
暂无
评论