CVE-2011-1154
EPSS 0.05%Published: 3/30/2011Modified: 4/28/2026
Description
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Affected packages (1)
- Debian/logrotatefrom 0, < 3.8.0-1