Test ID:	1.3.6.1.4.1.25623.1.0.69321
Category:	Fedora Local Security Checks
Title:	Fedora Core 15 FEDORA-2011-3758 (logrotate)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to logrotate announced via advisory FEDORA-2011-3758. Update Information: Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. References: [ 1 ] Bug #680798 - CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure] https://bugzilla.redhat.com/show_bug.cgi?id=680798 [ 2 ] Bug #680796 - CVE-2011-1154 logrotate: Shell command injection by using the shred configuration directive https://bugzilla.redhat.com/show_bug.cgi?id=680796 [ 3 ] Bug #680797 - CVE-2011-1155 logrotate: DoS due improper escaping of file names within 'write state' action https://bugzilla.redhat.com/show_bug.cgi?id=680797 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update logrotate' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-3758 Risk factor : High CVSS Score: 6.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1154 43955 http://secunia.com/advisories/43955 ADV-2011-0791 http://www.vupen.com/english/advisories/2011/0791 ADV-2011-0872 http://www.vupen.com/english/advisories/2011/0872 ADV-2011-0961 http://www.vupen.com/english/advisories/2011/0961 FEDORA-2011-3739 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html FEDORA-2011-3758 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html MDVSA-2011:065 http://www.mandriva.com/security/advisories?name=MDVSA-2011:065 RHSA-2011:0407 http://www.redhat.com/support/errata/RHSA-2011-0407.html [oss-security] 20110304 CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/16 [oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/17 http://openwall.com/lists/oss-security/2011/03/04/18 http://openwall.com/lists/oss-security/2011/03/04/19 http://openwall.com/lists/oss-security/2011/03/04/22 http://openwall.com/lists/oss-security/2011/03/04/24 http://openwall.com/lists/oss-security/2011/03/04/25 http://openwall.com/lists/oss-security/2011/03/04/26 http://openwall.com/lists/oss-security/2011/03/04/27 http://openwall.com/lists/oss-security/2011/03/04/28 http://openwall.com/lists/oss-security/2011/03/04/29 http://openwall.com/lists/oss-security/2011/03/04/30 http://openwall.com/lists/oss-security/2011/03/04/31 http://openwall.com/lists/oss-security/2011/03/04/32 [oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/04/33 http://openwall.com/lists/oss-security/2011/03/05/4 http://openwall.com/lists/oss-security/2011/03/05/6 [oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/05/8 http://openwall.com/lists/oss-security/2011/03/06/3 http://openwall.com/lists/oss-security/2011/03/06/4 http://openwall.com/lists/oss-security/2011/03/06/5 http://openwall.com/lists/oss-security/2011/03/06/6 [oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/07/11 http://openwall.com/lists/oss-security/2011/03/07/5 http://openwall.com/lists/oss-security/2011/03/07/6 [oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/08/5 [oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/10/2 http://openwall.com/lists/oss-security/2011/03/10/3 [oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/10/6 http://openwall.com/lists/oss-security/2011/03/10/7 http://openwall.com/lists/oss-security/2011/03/11/3 http://openwall.com/lists/oss-security/2011/03/11/5 [oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/14/26 [oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues http://openwall.com/lists/oss-security/2011/03/23/11 https://bugzilla.redhat.com/show_bug.cgi?id=680796 Common Vulnerability Exposure (CVE) ID: CVE-2011-1155 https://bugzilla.redhat.com/show_bug.cgi?id=680797 Common Vulnerability Exposure (CVE) ID: CVE-2011-1098 https://bugzilla.redhat.com/show_bug.cgi?id=680798
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.