GCVE - cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gentoo:logrotate:3.5.9:*:*:*:*:*:*:*

part: a version: 3.5.9 update: *

Vendor	Gentoo (`7fa277de-5a05-5db1-a5d1-2f4db074c494`)
Product	Logrotate (`e80f9cc2-5aa9-5144-9a38-1e5ec7f90157`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:gem/logrotate`	purl2cpe	2026-06-01 10:12:48.522642
`pkg:github/gentoo/puppet-logrotate`	purl2cpe	2026-06-01 10:12:48.522644

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1155`	vulnerable	2026-06-03 14:30:58.980467	Details available The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. Published: 2011-03-30T22:00:00.000Z Updated: 2024-08-06T22:14:27.789Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/16 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/30 http://openwall.com/lists/oss-security/2011/03/04/26	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1154`	vulnerable	2026-06-03 14:30:58.979301	Details available The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. Published: 2011-03-30T22:00:00.000Z Updated: 2024-08-06T22:14:27.899Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/16 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/30 http://openwall.com/lists/oss-security/2011/03/04/26	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1098`	vulnerable	2026-06-03 14:30:58.617158	Details available Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. Published: 2011-03-30T22:00:00.000Z Updated: 2024-08-06T22:14:27.645Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/16 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/30 http://openwall.com/lists/oss-security/2011/03/04/26	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.