CVE-2011-0343 Information

Feb 14, 2021 cve

Description

Balabit syslog-ng 2.0 3.0 3.1 3.2 OSE and PE when running on FreeBSD or HP-UX does not properly perform cast operations which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777) which allows local users to read and write to these log files.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 http://www.securityfocus.com/archive/1/515955/100/0/threaded http://www.securityfocus.com/bid/45988 https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

Share on: