Sårbarhed Detalje Syn
|id || 52578|
|Risiko || other|
|Familie || Red Hat Local Security Checks|
|Kategori || infos|
|Navn || RHSA-2011-0324: logwatch|
|Sammenfatning || Check for the version of the logwatch packages|
|Beskrivelse || |
The remote host is missing the patch for the advisory RHSA-2011-0324
An updated logwatch package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Logwatch is a customizable log analysis system. Logwatch parses through
your system's logs for a given period of time and creates a report
analyzing areas that you specify, in as much detail as you require.
A flaw was found in the way Logwatch processed log files. If an attacker
were able to create a log file with a malicious file name, it could result
in arbitrary code execution with the privileges of the root user when that
log file is analyzed by Logwatch. (CVE-2011-1018)
Users of logwatch should upgrade to this updated package, which contains a
backported patch to resolve this issue.
See also :
Update the affected package(s) using, for example, 'yum update'.
Risk factor :
Critical / CVSS Base Score : 10.0
|| (C) 2011 Tenable Network Security, Inc.