syslog-ng does not call chdir when it calls chroot, which might allow malicious users to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oneidentity syslog-ng |