Bug#1009820: snort: Privilege escalation due to insecure use of logrotate

Fernandez-Sanguino Sent: Wednesday, April 27, 2022 6:15:33 PM To: sec-advisory; 1009...@bugs.debian.org Cc: Debian Bug Control System Subject: Re: Bug#1009820: snort: Privilege escalation due to insecure use of logrotate severity 1009820 normal tags 1009820 - upstream thanks Dear Wolfgang,

Bug#1009820: snort: Privilege escalation due to insecure use of logrotate

severity 1009820 normal tags 1009820 - upstream thanks Dear Wolfgang, The 'snort' user is not a regular user (but a user created by the package itself, which is blocked from access as it has no password set). Consequently the privilege escalation you describe cannot be leveraged by a normal

Bug#1009820: snort: Privilege escalation due to insecure use of logrotate

Package: snort Version: 2.9.15.1-5 Severity: critical Tags: security upstream Justification: root security hole X-Debbugs-Cc: sec-advis...@ait.ac.at Dear Maintainer, The path of the logdirectory of snort can be manipulated by user Snort in Debian Bullseye: # ls -ld /var/log/snort/ drwxr-s--- 3