Release date:
Updated on:
Affected Systems:
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-1155, CVE-2011-1154, CVE-2011-1098
The logrotate program simplifies the administration of multiple log files, allowing automatic rotation, compression, removal, and mailing of log files.
A shell command injection flaw exists in the way logrotate runs the shred command: the log file name is handed to the shell unescaped, so a specially crafted log file name can make logrotate execute arbitrary commands with its own privileges (root by default). Note: the shred directive is not enabled by default, so only configurations that use it are exposed. (CVE-2011-1154)
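The injection above comes from building a command string out of a file name and letting a shell parse it. The following added example (not logrotate's own code, and not part of the advisory) contrasts that pattern with the argv-based call that the fix relies on. It assumes a stand-in command: `printf '%s\n'` is used in place of `shred -u` so the example runs anywhere with a POSIX sh and shows exactly which arguments the child process received; the malicious file name is constructed for the demonstration and no file is created or deleted.

```python
"""Shell interpolation of a log file name versus passing it as an argument.

Added example, not logrotate code.  `printf '%s\n'` stands in for the
real `shred -u` so the child merely echoes each argument it was given,
one per line; the attacker-controlled name is constructed below.
"""
import shlex
import subprocess

# Constructed attacker-controlled log file name: a shell metacharacter
# terminates the intended command and a second command follows it.
MALICIOUS_NAME = "app.log; echo INJECTED"


def shred_via_shell(path):
    """Vulnerable pattern (system()-style): the name is pasted into a
    command string that the shell then parses.  Returns the lines the
    child wrote, i.e. the arguments it actually saw."""
    cmd = "printf '%s\\n' " + path        # stands in for "shred -u " + path
    out = subprocess.run(["sh", "-c", cmd], capture_output=True,
                         text=True, check=False)
    return out.stdout.splitlines()


def shred_via_argv(path):
    """Hardened pattern (fork/exec with an argv list): the name reaches the
    child as one positional argument and is never parsed as shell syntax.
    Here it is passed as $1 to a fixed script so no external binary is
    needed."""
    out = subprocess.run(["sh", "-c", "printf '%s\\n' \"$@\"", "sh", path],
                         capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def shred_via_quoted_shell(path):
    """If a shell command string is unavoidable, quote the name first so
    metacharacters lose their meaning."""
    cmd = "printf '%s\\n' " + shlex.quote(path)
    out = subprocess.run(["sh", "-c", cmd], capture_output=True,
                         text=True, check=False)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("shell    :", shred_via_shell(MALICIOUS_NAME))
    print("argv     :", shred_via_argv(MALICIOUS_NAME))
    print("quoted   :", shred_via_quoted_shell(MALICIOUS_NAME))
```

With the shell variant the child reports two separate invocations (`app.log` and then the output of the injected `echo`), while both the argv and the quoted variants report the whole name as a single argument. Replacing the stand-in with the real `shred -u` would turn the first case into arbitrary command execution as the user running logrotate.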
A race condition exists in the way logrotate applies permissions when creating new log files. In some specific configurations, a local attacker can open a new log file before logrotate applies its final permissions, and a descriptor obtained in that window survives the later permission change, which may lead to disclosure of sensitive information. (CVE-2011-1098)
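The window described above exists whenever a file is created with a default mode and tightened afterwards. The following added example (not logrotate's own code) makes the window observable by reading the file's mode between creation and chmod, and contrasts it with creating the file at the final mode in a single open(2) call; the umask of 022 and the 0600 target mode are assumptions chosen to make the difference visible, and the files are created in a throwaway temporary directory.

```python
"""Create-then-chmod versus create-with-mode for a new log file.

Added example, not logrotate code.  A 022 umask and a 0600 target mode
are assumed for the demonstration; files live in a temporary directory.
"""
import os
import stat
import tempfile

LOG_MODE = 0o600  # assumed final permissions for the new log file


def create_then_chmod(path):
    """Racy pattern: create with the default mode, then fix it up.
    Between the two calls the file is world-readable under a 022 umask,
    and any process that opened it in that window keeps its descriptor
    after the chmod.  Returns (mode during the window, mode after chmod)."""
    old_umask = os.umask(0o022)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o666)  # default mode
        window_mode = stat.S_IMODE(os.fstat(fd).st_mode)
        os.chmod(path, LOG_MODE)      # too late for anyone already holding it open
        final_mode = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
    finally:
        os.umask(old_umask)
    return window_mode, final_mode


def create_with_mode(path):
    """Hardened pattern: request the final mode at creation time and refuse
    to reuse or follow anything already present at the path (O_EXCL,
    O_NOFOLLOW).  There is no window; the first observer sees 0600.
    Returns (mode at creation, final mode), which are identical."""
    old_umask = os.umask(0o022)
    try:
        fd = os.open(path,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     LOG_MODE)
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
    finally:
        os.umask(old_umask)
    return mode, mode


def demo():
    """Run both patterns in a scratch directory; returns their mode pairs."""
    with tempfile.TemporaryDirectory() as scratch:
        racy = create_then_chmod(os.path.join(scratch, "racy.log"))
        safe = create_with_mode(os.path.join(scratch, "safe.log"))
    return racy, safe


if __name__ == "__main__":
    racy, safe = demo()
    print("create-then-chmod: window %o, final %o" % racy)
    print("create-with-mode : window %o, final %o" % safe)
```

The racy function reports 0644 during the window and 0600 only afterwards; the hardened one reports 0600 from the first instant. O_EXCL additionally makes the creation fail, rather than silently truncating or following a symlink, if an attacker has pre-placed something at the path.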
logrotate also has an input sanitization flaw. A log file with a specially crafted file name can cause logrotate to abort when it attempts to process that file a subsequent time. (CVE-2011-1155)
Link: https://www.redhat.com/support/errata/RHSA-2011-0407.html
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
RedHat
------
Red Hat has released security advisory RHSA-2011:0407 and corresponding patches:
RHSA-2011:0407-01: Moderate: logrotate security update
Link: https://www.redhat.com/support/errata/RHSA-2011-0407.html
Apply the update (yum update logrotate) and confirm that the installed package carries the fixes with rpm -q --changelog logrotate | grep CVE-2011-1154.