CVE-2011-1548

描述

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

受影響套件(1)

• Debian/logrotatefrom 0, < 3.7.8-6

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1548