Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1078-1
Solution
Please Install the Updated Packages.
Insight
Dominik George discovered that logwatch did not properly sanitize log file names that were passed to the shell as part of a command.
If a remote attacker were able to generate specially crafted filenames (for example, via Samba logging), they could execute arbitrary code with root privileges.
Affected
logwatch vulnerability on Ubuntu 8.04 LTS ,
Ubuntu 9.10 ,
Ubuntu 10.04 LTS ,
Ubuntu 10.10
Severity
Classification
-
CVE CVE-2011-1018 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities