PublicDateAtUSN: 2011-03-30
Candidate: CVE-2011-1155
PublicDate: 2011-03-30 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1155
 http://openwall.com/lists/oss-security/2011/03/04/16
 https://ubuntu.com/security/notices/USN-1172-1
Description:
 The writeState function in logrotate.c in logrotate 3.7.9 and earlier might
 allow context-dependent attackers to cause a denial of service (rotation
 outage) via a (1) \n (newline) or (2) \ (backslash) character in a log
 filename, as demonstrated by a filename that is automatically constructed on
 the basis of a hostname or virtual machine name.
Ubuntu-Description:
Notes:
 mdeslaur> issue #7
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=680797
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_logrotate:
 upstream: https://fedorahosted.org/logrotate/changeset/315
 upstream: https://fedorahosted.org/logrotate/changeset/316
upstream_logrotate: needs-triage
dapper_logrotate: ignored (reached end-of-life)
hardy_logrotate: released (3.7.1-3ubuntu0.8.04.1)
karmic_logrotate: ignored (reached end-of-life)
lucid_logrotate: released (3.7.8-4ubuntu2.2)
maverick_logrotate: released (3.7.8-6ubuntu1.1)
natty_logrotate: released (3.7.8-6ubuntu3.1)
devel_logrotate: released (3.7.8-6ubuntu4)