#VU45295 Input validation error in logwatch - CVE-2011-1018

Cybersecurity Help s.r.o.

Published: 2011-02-25 | Updated: 2020-08-11

Vulnerability identifier: #VU45295

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2011-1018

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
logwatch
Other software / Other software solutions

Vendor: www.logwatch.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Mitigation
Install update from vendor's website.

Vulnerable software versions

logwatch: 7.3.6

External links
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html
https://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26
https://secunia.com/advisories/43356
https://secunia.com/advisories/43495
https://secunia.com/advisories/43622
https://secunia.com/advisories/43644
https://secunia.com/advisories/43734
https://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel
https://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824
https://www.debian.org/security/2011/dsa-2182
https://www.openwall.com/lists/oss-security/2011/02/24/13
https://www.openwall.com/lists/oss-security/2011/02/24/15
https://www.redhat.com/support/errata/RHSA-2011-0324.html
https://www.securityfocus.com/bid/46554
https://www.securitytracker.com/id?1025165
https://www.ubuntu.com/usn/USN-1078-1
https://www.vupen.com/english/advisories/2011/0533
https://www.vupen.com/english/advisories/2011/0581
https://www.vupen.com/english/advisories/2011/0596
https://bugzilla.redhat.com/show_bug.cgi?id=680237

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Gentoo update for Logwatch

Input validation error in www.logwatch logwatch