[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] local root exploit in logwatch

To: linux-security
Subject: [linux-security] local root exploit in logwatch
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 12 Apr 2002 15:53:47 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
local root exploit in logwatch

Problem Description
===================
LogWatch is a customizable log analysis system. Versions of LogWatch 2.1.1
and earlier have a vulnerability due to a race condition during the creation
of a temporary directory.  This vulnerability can allow a local user to gain
root privileges.  An additional race condition was found in versions of
LogWatch 2.5 and earlier.

Affected Systems
================
systems that use logwatch with versions < 2.6

Solution
========
upgrade to logwatch 2.6 or later.

RedHat 7.2
----------
rpm -Fvh logwatch-2.6-1.noarch.rpm

Prev by Date: Re: [linux-security] ALERT: zlib double free bug (Debian)
Next by Date: [linux-security] sudo local root exploit
Prev by thread: [linux-security] sudo local root exploit
Next by thread: [linux-security] ALERT: zlib double free bug
Index(es):
- Date
- Thread