MidnightBSD

Advisories for logwatch

CVE-2002-0162 MEDIUM

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logwatch logwatch *
CVE-2002-0165 HIGH

LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logwatch logwatch 2.5
CVE-2005-1061 MEDIUM

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logwatch logwatch 2.6.2
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1
CVE-2011-1018 HIGH

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
logwatch logwatch 7.3.6