CVE-2022-1348 - log

CVE-2022-1348 edited at 25 May 2022 21:19:20
Remote
- Unknown
+ Local
CVE-2022-1348 created at 25 May 2022 21:19:08
Severity
+ Medium
Remote
+ Unknown
Type
+ Denial of service
Description
+ The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with a default permission mode of 0644, which with an umask of 0022 results in a world-readable file, allowing an unprivileged user to lock the state file and stop any rotation.
References
+ https://github.com/logrotate/logrotate/blame/master/logrotate.c#L3015-L3017
+ https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25
+ https://github.com/logrotate/logrotate/releases/tag/3.20.1
+ https://github.com/logrotate/logrotate/commit/1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9
+ https://github.com/logrotate/logrotate/commit/addbd293242b0b78aa54f054e6c1d249451f137d
+ https://github.com/logrotate/logrotate/pull/446
Notes