CentOS Update For Logwatch CESA-2011:0324 Centos5 X86_64 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. A flaw was found in the way Logwatch processed log files. If an attacker were able to create a log file with a malicious file name, it could result in arbitrary code execution with the privileges of the root user when that log file is analyzed by Logwatch. (CVE-2011-1018) Users of logwatch should upgrade to this updated package, which contains a backported patch to resolve this issue.

Affected

logwatch on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-April/017366.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1018

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1163 (seamonkey)
CentOS Security Advisory CESA-2009:1471 (elinks)
CentOS Security Advisory CESA-2009:1126 (thunderbird)
CentOS Security Advisory CESA-2009:1218 (pidgin)
CentOS Security Advisory CESA-2009:1101 (cscope)

CentOS Update for logwatch CESA-2011:0324 centos5 x86_64

Take action and discover your vulnerabilities