ID de Prueba:	1.3.6.1.4.1.25623.1.0.831363
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for logrotate MDVSA-2011:065 (logrotate)
Resumen:	The remote host is missing an update for the 'logrotate'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'logrotate' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities were discovered and corrected in logrotate: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098). The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154). The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been upgraded to the 3.7.9 version and patched to correct these issues. Affected Software/OS: logrotate on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1098 43955 http://secunia.com/advisories/43955 ADV-2011-0791 http://www.vupen.com/english/advisories/2011/0791 ADV-2011-0872 http://www.vupen.com/english/advisories/2011/0872 ADV-2011-0961 http://www.vupen.com/english/advisories/2011/0961 FEDORA-2011-3739 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html FEDORA-2011-3758 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html MDVSA-2011:065 http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 RHSA-2011:0407 http://www.redhat.com/support/errata/RHSA-2011-0407.html [oss-security] 20110304 CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/16 [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/17 http://openwall.com/lists/oss-security/2011/03/04/18 http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/22 http://openwall.com/lists/oss-security/2011/03/04/24 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/26 http://openwall.com/lists/oss-security/2011/03/04/27 http://openwall.com/lists/oss-security/2011/03/04/28 http://openwall.com/lists/oss-security/2011/03/04/29 http://openwall.com/lists/oss-security/2011/03/04/30 http://openwall.com/lists/oss-security/2011/03/04/31 http://openwall.com/lists/oss-security/2011/03/04/32 [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/33 http://openwall.com/lists/oss-security/2011/03/05/4 http://openwall.com/lists/oss-security/2011/03/05/6 [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/05/8 http://openwall.com/lists/oss-security/2011/03/06/3 http://openwall.com/lists/oss-security/2011/03/06/4 http://openwall.com/lists/oss-security/2011/03/06/5 http://openwall.com/lists/oss-security/2011/03/06/6 [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/07/11 http://openwall.com/lists/oss-security/2011/03/07/5 http://openwall.com/lists/oss-security/2011/03/07/6 [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/08/5 [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/10/2 http://openwall.com/lists/oss-security/2011/03/10/3 [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/10/6 http://openwall.com/lists/oss-security/2011/03/10/7 http://openwall.com/lists/oss-security/2011/03/11/3 http://openwall.com/lists/oss-security/2011/03/11/5 [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/14/26 [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/23/11 https://bugzilla.redhat.com/show_bug.cgi?id=680798 Common Vulnerability Exposure (CVE) ID: CVE-2011-1154 https://bugzilla.redhat.com/show_bug.cgi?id=680796 Common Vulnerability Exposure (CVE) ID: CVE-2011-1155 https://bugzilla.redhat.com/show_bug.cgi?id=680797
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.