CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-1154

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.6%

CVSS Severity

CVSS v2 Score 6.9

References

Products affected by CVE-2011-1154

Gentoo » Logrotate » Version: Any

cpe:2.3:a:gentoo:logrotate:*
Gentoo » Logrotate » Version: 3.3

cpe:2.3:a:gentoo:logrotate:3.3
Gentoo » Logrotate » Version: 3.5.9

cpe:2.3:a:gentoo:logrotate:3.5.9
Gentoo » Logrotate » Version: 3.6.5

cpe:2.3:a:gentoo:logrotate:3.6.5
Gentoo » Logrotate » Version: 3.7

cpe:2.3:a:gentoo:logrotate:3.7
Gentoo » Logrotate » Version: 3.7.1

cpe:2.3:a:gentoo:logrotate:3.7.1
Gentoo » Logrotate » Version: 3.7.2

cpe:2.3:a:gentoo:logrotate:3.7.2
Gentoo » Logrotate » Version: 3.7.6

cpe:2.3:a:gentoo:logrotate:3.7.6
Gentoo » Logrotate » Version: 3.7.7

cpe:2.3:a:gentoo:logrotate:3.7.7
Gentoo » Logrotate » Version: 3.7.8

cpe:2.3:a:gentoo:logrotate:3.7.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-1154

Products

Pricing

Contact Us