Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gentoo logrotate logrotate.c shred_file函数任意命令执行漏洞
Vulnerability Description
logrotate 3.7.9及之前版本的logrotate.c中的shred_file函数中存在输入验证漏洞。上下文攻击者可以借助日志文件名称中的shell元字符,执行任意命令。该漏洞已经通过在主机名称或者虚拟机名称基础上自动创建的文件名称得到证明。
CVSS Information
N/A
Vulnerability Type
N/A