CVE Vulnerabilities

CVE-2011-0343

Published: Jan 28, 2011 | Modified: May 19, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Affected Software

Name Vendor Start Version End Version
Syslog-ng Oneidentity 2.0 2.0
Syslog-ng Oneidentity 2.0 2.0
Syslog-ng Oneidentity 3.0 3.0
Syslog-ng Oneidentity 3.0 3.0
Syslog-ng Oneidentity 3.1 3.1
Syslog-ng Oneidentity 3.1 3.1
Syslog-ng Oneidentity 3.2 3.2
Syslog-ng Oneidentity 3.2 3.2

References