Vulnerability in Gentoo Logrotate

CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Vulnerability class: Race Condition

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.

Affected products

Gentoo Logrotate — versions 3.3, 3.5.9, 3.6.5
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110304 CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST, Patch)
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)
43955 (x_refsource_SECUNIA, third-party-advisory)
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues (mailing-list, x_refsource_MLIST)