Back to search
CVE-2011-0343
Published: Jan 28, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
x_refsource_CONFIRM
20110125 syslog-ng wrong file permission vulnerability
mailing-list
x_refsource_BUGTRAQ
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
mailing-list
x_refsource_MLIST
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
mailing-list
x_refsource_MLIST
45988
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now