This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated logwatch package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.
Logwatch is a customizable log analysis system. Logwatch parses
through your system's logs for a given period of time and creates a
report analyzing areas that you specify, in as much detail as you
A flaw was found in the way Logwatch processed log files. If an
attacker were able to create a log file with a malicious file name, it
could result in arbitrary code execution with the privileges of the
root user when that log file is analyzed by Logwatch. (CVE-2011-1018)
Users of logwatch should upgrade to this updated package, which
contains a backported patch to resolve this issue.
See also :
Update the affected logwatch package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true