Approved changes feed: RSS · Atom
cpe:2.3:a:gentoo:logrotate:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Gentoo (7fa277de-5a05-5db1-a5d1-2f4db074c494) |
|---|---|
| Product | Logrotate (e80f9cc2-5aa9-5144-9a38-1e5ec7f90157) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gem/logrotate |
purl2cpe | 2026-06-01 10:12:48.520183 |
pkg:github/gentoo/puppet-logrotate |
purl2cpe | 2026-06-01 10:12:48.520184 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-1550 |
vulnerable | 2026-06-03 14:31:02.402503 |
Details available
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-09-16T20:37:56.047Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1549 |
vulnerable | 2026-06-03 14:31:02.400432 |
Details available
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:28:41.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1548 |
vulnerable | 2026-06-03 14:31:02.398293 |
Details available
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:28:41.805Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1155 |
vulnerable | 2026-06-03 14:30:58.980426 |
Details available
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:14:27.789Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1154 |
vulnerable | 2026-06-03 14:30:58.979257 |
Details available
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:14:27.899Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1098 |
vulnerable | 2026-06-03 14:30:58.615968 |
Details available
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:14:27.645Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.