CVE-2011-1098
Publication date 30 March 2011
Last updated 24 July 2024
Ubuntu priority
Description
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
Notes
mdeslaur
this is issue #8 this seems to have been addressed in debian/ubuntu by the create-388608.patch patch. hardy doesn't have them (in (3.7.8-4))
References
Related Ubuntu Security Notices (USN)
- USN-1172-1
- logrotate vulnerabilities
- 21 July 2011