CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Published: Mar 30, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-1155
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
gentoo / logrotate	3.6.5	3.6.5.x
gentoo / logrotate	3.7.8	3.7.8.x
gentoo / logrotate	3.5.9-r1	3.5.9-r1.x
gentoo / logrotate	3.7.6	3.7.6.x
gentoo / logrotate	3.3-r2	3.3-r2.x
gentoo / logrotate	3.7.2	3.7.2.x
gentoo / logrotate	3.7	3.7.x
gentoo / logrotate	3.7.1-r2	3.7.1-r2.x
gentoo / logrotate	3.6.5-r1	3.6.5-r1.x
gentoo / logrotate	3.5.9	3.5.9.x
gentoo / logrotate	3.7.1-r1	3.7.1-r1.x
gentoo / logrotate	-	3.7.9.x
gentoo / logrotate	3.7.1	3.7.1.x
gentoo / logrotate	3.7.7	3.7.7.x

Vulnerability Database

322,905

CVE-2011-1155

Deep Security Visibility Without the Complexity