Launchpad.net

CVE 2011-1018

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Related bugs and status

CVE-2011-1018 (Candidate) is related to these bugs:

Bug #564796: The --print options in the logwatch man page examples don't work

Summary				In	Importance	Status
	564796	The --print options in the logwatch man page examples don't work		logwatch (Ubuntu)	Low	Fix Released

Bug #584229: missing named filter/service patterns

Summary				In	Importance	Status
	584229	missing named filter/service patterns		logwatch (Ubuntu)	Low	Fix Released
	584229	missing named filter/service patterns		logwatch	Unknown	Unknown

Bug #719898: logwatch does not report cron events

Summary				In	Importance	Status
	719898	logwatch does not report cron events		logwatch (Ubuntu)	Medium	Fix Released
	719898	logwatch does not report cron events		logwatch (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1018

Related bugs and status

Related bugs

References