[Pkg-clamav-devel] Bug#606543: clamav-freshclam: affected by privilege escalation vulnerability in logrotate

Olaf van der Spek olafvdspek at gmail.com
Fri Dec 10 09:12:50 UTC 2010


On Fri, Dec 10, 2010 at 9:43 AM, Michael Tautschnig <mt at debian.org> wrote:
>> These lines from this package's maintainer scripts suggest that it likely
>> is affected by the vulnerability:
>>
>> ---------------------------------------------------------------------------
>> chmod 640 $FRESHCLAMLOGFILE
>> chown "$dbowner":adm $FRESHCLAMLOGFILE
>> ---------------------------------------------------------------------------
>>
>
> What is wrong about these two lines? And even from ...

It suggests the daemon itself creates the file. Copytruncate suggests
logrotate also creates the file.
Logrotate runs as root, so if the attacker (running as daemon user)
creates the symlink, logrotate might overwrite an arbitrary file (I
guess).

Olaf





More information about the Pkg-clamav-devel mailing list