CVE-2011-1018

Publication date 25 February 2011

Last updated 24 July 2024

Ubuntu priority

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
logwatch	10.10 maverick	Fixed 7.3.6.cvs20090906-1ubuntu3.1
	10.04 LTS lucid	Fixed 7.3.6.cvs20090906-1ubuntu2.1
	9.10 karmic	Fixed 7.3.6.cvs20090906-1ubuntu1.1
	8.04 LTS hardy	Fixed 7.3.6-1ubuntu1.1
	6.06 LTS dapper	Fixed 7.1-2ubuntu0.1

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
logwatch	Upstream: http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1078-1
Logwatch vulnerability
1 March 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1018