CVE Vulnerabilities

CVE-2011-0343

Published: Jan 28, 2011 | Modified: May 19, 2020
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.9 MEDIUM (AV:L/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: LOW

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Affected Software

Name       Vendor       Start Version    End Version
Syslog-ng  Oneidentity  2.0 (including)  2.0 (including)
Syslog-ng  Oneidentity  3.0 (including)  3.0 (including)
Syslog-ng  Oneidentity  3.1 (including)  3.1 (including)
Syslog-ng  Oneidentity  3.2 (including)  3.2 (including)
Syslog-ng  Ubuntu       artful           *
Syslog-ng  Ubuntu       dapper           *
Syslog-ng  Ubuntu       hardy            *
Syslog-ng  Ubuntu       karmic           *
Syslog-ng  Ubuntu       lucid            *
Syslog-ng  Ubuntu       maverick         *
Syslog-ng  Ubuntu       natty            *
Syslog-ng  Ubuntu       oneiric          *
Syslog-ng  Ubuntu       precise          *
Syslog-ng  Ubuntu       quantal          *
Syslog-ng  Ubuntu       raring           *
Syslog-ng  Ubuntu       saucy            *
Syslog-ng  Ubuntu       upstream         *
Syslog-ng  Ubuntu       utopic           *
Syslog-ng  Ubuntu       vivid            *
Syslog-ng  Ubuntu       wily             *
Syslog-ng  Ubuntu       yakkety          *
Syslog-ng  Ubuntu       zesty            *
