CVE-2022-1348: CWE-732 in logrotate

Severity: Medium
Published: Wed May 25 2022 (05/25/2022, 15:13:39 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: logrotate

Description

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

AI-Powered Analysis

Last updated: 07/10/2025, 19:32:26 UTC

Technical Analysis

CVE-2022-1348 is a vulnerability in the logrotate utility affecting versions prior to 3.20.0. Logrotate is a widely used system utility on Unix-like operating systems that rotates, compresses, and removes log files to prevent disk space exhaustion. The vulnerability arises from how logrotate handles its state file, which it uses to prevent concurrent executions by acquiring a file lock. When the state file does not exist, logrotate creates it with world-readable permissions. This permission setting allows any unprivileged user to acquire the lock on the state file, blocking other instances of logrotate from running. As a result, legitimate log rotation can be denied, and log files grow indefinitely. This can cause disk space exhaustion and potentially disrupt system monitoring and auditing processes.

The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating that the issue stems from insecure default permissions on a critical synchronization file. The CVSS v3.1 base score is 6.5 (medium severity), reflecting a network attack vector, low attack complexity, low privileges, and no user interaction, with an impact on availability but not on confidentiality or integrity. There are no known exploits in the wild at the time of publication, and no vendor patches were linked in the provided data, though it is expected that updated logrotate versions (3.20.0 and later) address this issue.

Potential Impact

For European organizations, this vulnerability can have significant operational impacts. Logrotate is a fundamental component in many Linux-based systems, which are prevalent in enterprise servers, cloud infrastructure, and critical services across Europe. Exploitation allows an unprivileged user to prevent log rotation, causing log files to grow unchecked. This can lead to disk space exhaustion, potentially causing system instability, application failures, or denial of service conditions. Moreover, the inability to rotate logs can hinder forensic investigations and compliance with data retention policies, impacting regulatory adherence such as GDPR. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact can disrupt business operations and critical infrastructure. Organizations with multi-user environments or shared hosting platforms are particularly at risk, as unprivileged users may exploit this to degrade service availability.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first ensure that all systems running logrotate are updated to version 3.20.0 or later, where the issue is resolved by correcting the permissions on the state file. If immediate upgrading is not feasible, administrators should manually verify and correct the permissions of the logrotate state file to restrict access to privileged users only (e.g., root). Implementing file system access controls such as SELinux or AppArmor policies to restrict unprivileged user access to the logrotate state file can provide additional protection. Monitoring disk usage and setting alerts for abnormal log file growth can help detect exploitation attempts early. Additionally, restricting unprivileged user access on critical systems and employing least privilege principles reduce the attack surface. Regular auditing of system utilities and their configurations should be part of security hygiene to prevent similar issues.
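The manual permission check described above, as an added example that is not part of the original advisory or the logrotate project. It assumes GNU `stat`, and the two state file paths are common distribution defaults rather than values taken from this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit logrotate state files for the CVE-2022-1348 condition.
# Assumptions: GNU stat (stat -c); paths below are common distro defaults.
STATE_FILES="/var/lib/logrotate/logrotate.status /var/lib/logrotate/status"

# Return 0 when "other" holds a read or write bit on the file. Either bit lets
# an unprivileged user open the file, and an open descriptor is all that
# flock(2) needs to take the lock.
state_file_exposed() {
    mode=$(stat -c '%a' "$1") || return 2
    other=$((mode % 10))        # last octal digit holds the "other" bits
    [ $((other & 6)) -ne 0 ]    # 4 = read, 2 = write
}

# Remove every "other" permission; owner and group bits stay as they are.
harden_state_file() {
    chmod o-rwx "$1"
}

# Print one line per existing file; return 1 if any file is exposed.
audit_state_files() {
    rc=0
    for sf in "$@"; do
        [ -e "$sf" ] || continue
        if state_file_exposed "$sf"; then
            echo "EXPOSED $(stat -c '%a %U:%G' "$sf") $sf"
            rc=1
        else
            echo "ok      $(stat -c '%a %U:%G' "$sf") $sf"
        fi
    done
    return "$rc"
}

# Report only; fixing is a separate, explicit step run as root.
audit_state_files $STATE_FILES ||
    echo "fix with: harden_state_file <path>  (strips o+rwx)"
```

Re-run the audit after the next scheduled logrotate run to confirm the corrected mode is still in place.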

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2022-04-13T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68487f5e1b0bd07c3938fae5

Added to database: 6/10/2025, 6:54:22 PM

Last enriched: 7/10/2025, 7:32:26 PM

Last updated: 8/17/2025, 4:35:52 PM
