This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote SuSE 11 host is missing a security update.
This update for logrotate provides the following fixes :
- The shred_file function in logrotate might allow
context-dependent attackers to execute arbitrary
commands via shell metacharacters in a log filename, as
demonstrated by a filename that is automatically
constructed on the basis of a hostname or virtual
machine name (CVE-2011-1154). (bnc#679661)
- Race condition in the createOutputFile function in
logrotate allows local users to read log data by opening
a file before the intended permissions are in place
- The writeState function in logrotate might allow
context-dependent attackers to cause a denial of service
(rotation outage) via a (1) \n (newline) or (2) \
(backslash) character in a log filename, as demonstrated
by a filename that is automatically constructed on the
basis of a hostname or virtual machine name
- Fix handling of missingok option which previously was
not working as expected.
See also :
Apply SAT patch number 4583.
Risk factor :
Medium / CVSS Base Score : 6.9
Family: SuSE Local Security Checks
Nessus Plugin ID: 54827
CVE ID: CVE-2011-1098, CVE-2011-1154, CVE-2011-1155