CVE-2011-1550 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-1550 Interim 1 27 2024-10-15T02:34:09Z current 2021-05-30T12:57:10Z 2024-10-15T02:34:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-1550 The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2019-April/011156.html E-Mail link for SUSE-OU-2019:0884-1 https://lists.suse.com/pipermail/sle-updates/2012-March/000129.html E-Mail link for SUSE-RU-2012:0327-1 https://lists.suse.com/pipermail/sle-updates/2019-April/011150.html E-Mail link for SUSE-RU-2019:0880-1 https://lists.suse.com/pipermail/sle-security-updates/2012-April/000083.html E-Mail link for SUSE-SU-2012:0509-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Manager Client Tools Beta for SLE 12 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Manager Server 1.2 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 cobbler koan logrotate-3.7.7-10.26.1 mgr-osad logrotate-3.7.7-10.26.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA cobbler as a component of HPE Helion OpenStack 8 mgr-osad as a component of SUSE Manager Client Tools Beta for SLE 12 cobbler as a component of SUSE Manager Client Tools for SLE 12 mgr-osad as a component of SUSE Manager Client Tools for SLE 12 koan as a component of SUSE Manager Client Tools for SLE 15 mgr-osad as a component of SUSE Manager Client Tools for SLE 15 cobbler as a component of SUSE Manager Server 1.2 cobbler as a component of SUSE OpenStack Cloud 8 cobbler as a component of SUSE OpenStack Cloud 9 The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. CVE-2011-1550 SUSE Linux Enterprise Server 11 SP1-TERADATA:logrotate-3.7.7-10.26.1 HPE Helion OpenStack 8:cobbler SUSE Manager Client Tools for SLE 12:cobbler SUSE Manager Client Tools for SLE 15:koan SUSE OpenStack Cloud 8:cobbler SUSE OpenStack Cloud 9:cobbler moderate 6.3 AV:L/AC:M/Au:N/C:N/I:C/A:C