← Back to CVEs
CVE-2011-1549
N/ADescription
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
CVE Details
CVSS v3.1 ScoreN/A
Published3/30/2011
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0
Affected Products
gentoo:linuxgentoo:logrotate
Weaknesses (CWE)
CWE-264
References
http://openwall.com/lists/oss-security/2011/03/04/16(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/17(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/18(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/19(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/22(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/24(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/25(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/26(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/27(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/28(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/29(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/30(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/31(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/32(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/33(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/05/4(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/05/6(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/05/8(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/06/3(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/06/4(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/06/5(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/06/6(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/07/11(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/07/5(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/07/6(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/08/5(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/10/2(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/10/3(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/10/6(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/10/7(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/11/3(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/11/5(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/14/26(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/23/11(cve@mitre.org)
http://www.securityfocus.com/bid/47170(cve@mitre.org)
http://openwall.com/lists/oss-security/2011/03/04/16(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/17(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/18(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/19(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/22(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/24(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/25(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/26(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/27(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/28(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/29(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/30(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/31(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/32(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/04/33(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/05/4(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/05/6(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/05/8(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/06/3(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/06/4(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/06/5(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/06/6(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/07/11(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/07/5(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/07/6(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/08/5(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/10/2(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/10/3(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/10/6(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/10/7(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/11/3(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/11/5(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/14/26(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/23/11(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/47170(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.