severity 1009820 normal
tags 1009820 - upstream
thanks
Dear Wolfgang,
The 'snort' user is not a regular user (but a user created by the package
itself, which is blocked from access as it has no password set).
Consequently the privilege escalation you describe cannot be leveraged by a
normal user.
Processing commands for cont...@bugs.debian.org:
> severity 1009820 normal
Bug #1009820 [snort] snort: Privilege escalation due to insecure use of
logrotate
Severity set to 'normal' from 'critical'
> tags 1009820 - upstream
Bug #1009820 [snort] snort: Privilege escalation due to insecure use of
Package: snort
Version: 2.9.15.1-5
Severity: critical
Tags: security upstream
Justification: root security hole
X-Debbugs-Cc: sec-advis...@ait.ac.at
Dear Maintainer,
The path of the logdirectory of snort can be manipulated by user
Snort in Debian Bullseye:
# ls -ld /var/log/snort/
drwxr-s--- 3
3 matches
Mail list logo
