This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
A shell command injection flaw was found in the way logrotate handled
the shred directive. A specially-crafted log file could cause
logrotate to execute arbitrary commands with the privileges of the
user running logrotate (root, by default). Note: The shred directive
is not enabled by default. (CVE-2011-1154)

A race condition flaw was found in the way logrotate applied
permissions when creating new log files. In some specific
configurations, a local attacker could use this flaw to open new log
files before logrotate applies the final permissions, possibly leading
to the disclosure of sensitive information. (CVE-2011-1098)

An input sanitization flaw was found in logrotate. A log file with a
specially-crafted file name could cause logrotate to abort when
attempting to process that file a subsequent time. (CVE-2011-1155)
Update the affected logrotate package.
Risk factor : Medium / CVSS Base Score : 6.9