Debian Security Advisory DSA 2182-1 (logwatch) Network Vulnerability

Summary

The remote host is missing an update to logwatch announced via advisory DSA 2182-1.

Solution

For the oldstable distribution (lenny), this problem has been fixed in version 7.3.6.cvs20080702-2lenny1. For the stable distribution (squeeze), this problem has been fixed in version 7.3.6.cvs20090906-1squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 7.3.6.cvs20090906-2. We recommend that you upgrade your logwatch packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202182-1

Insight

Dominik George discovered that logwatch does not guard against shell meta-characters in crafted log file names (such as those produced by Samba). As a result, an attacker might be able to execute shell commands on the system running logwatch.

Severity

Classification

CVE CVE-2011-0715

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1014-1 (firebird2)
Debian Security Advisory DSA 062-1 (rxvt)
Debian Security Advisory DSA 1074-1 (mpg123)
Debian Security Advisory DSA 1000-2 (libapreq2-perl)
Debian Security Advisory DSA 1117-1 (libgd2)

Take action and discover your vulnerabilities