CVE-2022-1348
Summary
| CVE | CVE-2022-1348 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-05-25 16:15:00 UTC |
|---|
| Updated | 2023-11-07 03:41:00 UTC |
|---|
| Description | A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 36 Update: logrotate-3.20.1-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| oss-security - Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file |
MLIST |
www.openwall.com |
|
| [SECURITY] Fedora 35 Update: logrotate-3.18.1-4.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| oss-security - Re: Re: CVE-2022-1348 logrotate: potential DoS from
unprivileged users via the state file |
MLIST |
www.openwall.com |
|
| 2075074 – (CVE-2022-1348) CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file |
MISC |
bugzilla.redhat.com |
|
| [SECURITY] Fedora 35 Update: logrotate-3.18.1-4.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| oss-security - Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file |
MLIST |
www.openwall.com |
|
| [SECURITY] Fedora 36 Update: logrotate-3.20.1-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160315 Oracle Enterprise Linux Security Update for logrotate (ELSA-2022-8393)
- 180854 Debian Security Update for logrotate (CVE-2022-1348)
- 198807 Ubuntu Security Notification for logrotate Vulnerability (USN-5447-1)
- 240895 Red Hat Update for logrotate (RHSA-2022:8393)
- 282774 Fedora Security Update for logrotate (FEDORA-2022-87c0f05204)
- 282816 Fedora Security Update for logrotate (FEDORA-2022-ff0188b37c)
- 296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
- 354288 Amazon Linux Security Advisory for logrotate : ALAS2022-2022-095
- 354373 Amazon Linux Security Advisory for logrotate : ALAS2022-2022-084
- 354465 Amazon Linux Security Advisory for logrotate : ALAS2022-2022-189
- 501428 Alpine Linux Security Update for logrotate
- 501750 Alpine Linux Security Update for logrotate
- 502223 Alpine Linux Security Update for logrotate
- 502744 Alpine Linux Security Update for logrotate
- 752352 SUSE Enterprise Linux Security Update for logrotate (SUSE-SU-2022:2396-1)
- 902135 Common Base Linux Mariner (CBL-Mariner) Security Update for logrotate (9842)
- 902143 Common Base Linux Mariner (CBL-Mariner) Security Update for logrotate (9845)
- 902263 Common Base Linux Mariner (CBL-Mariner) Security Update for logrotate (9845-1)
- 902491 Common Base Linux Mariner (CBL-Mariner) Security Update for logrotate (9842-1)
- 940796 AlmaLinux Security Update for logrotate (ALSA-2022:8393)
- 960619 Rocky Linux Security Update for logrotate (RLSA-2022:8393)
