Published: 28/01/2011 Updated: 19/05/2020

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oneidentity syslog-ng 2.0
oneidentity syslog-ng 3.0
oneidentity syslog-ng 3.1
oneidentity syslog-ng 3.2

CWE-264 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 http://www.securityfocus.com/bid/45988 https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html http://www.securityfocus.com/archive/1/515955/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-0343

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect