oss-sec mailing list archives
Re: CVE Request -- logrotate -- nine issues
From: Solar Designer <solar () openwall com>
Date: Sat, 5 Mar 2011 22:21:06 +0300
On Sat, Mar 05, 2011 at 03:17:57AM +0700, Pavel Labushev wrote:
04.03.2011 21:52, Solar Designer пишет:I've just skimmed over the list, and I only see one issue that I'd call a vulnerability in logrotate, issue #8. And we need more info on #5. The rest, as described, appear to rely on sysadmin error and to assumeOr on package maintainer error.
Right.
At least in Gentoo there are packages (ebuilds and eclasses) that create user/group-writable directories in /var/log and enable logrotate to handle the log files there.
Is this something you can get fixed? Alexander
Current thread:
- Re: CVE Request -- logrotate -- nine issues, (continued)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
- Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 07)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
- Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
- Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
- Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)