Lucene search

[email protected]CVE-2011-0343

HistoryJan 28, 2011 - 4:00 p.m.

CVE-2011-0343

2011-01-2816:00:03

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-0343

balabit syslog-ng

log files

freebsd

hp-ux

insecure permissions

local users

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Affected configurations

NVD

Node

oneidentitysyslog-ngMatch2.0open_source

oneidentitysyslog-ngMatch2.0premium

oneidentitysyslog-ngMatch3.0open_source

oneidentitysyslog-ngMatch3.0premium

oneidentitysyslog-ngMatch3.1open_source

oneidentitysyslog-ngMatch3.1premium

oneidentitysyslog-ngMatch3.2open_source

oneidentitysyslog-ngMatch3.2premium

AND

freebsdfreebsd

hphp-ux

CPENameOperatorVersion
oneidentity:syslog-ngoneidentity syslog-ngeq2.0
oneidentity:syslog-ngoneidentity syslog-ngeq3.0
oneidentity:syslog-ngoneidentity syslog-ngeq3.1
oneidentity:syslog-ngoneidentity syslog-ngeq3.2

CPE	Name	Operator	Version
oneidentity:syslog-ng	oneidentity syslog-ng	eq	2.0
oneidentity:syslog-ng	oneidentity syslog-ng	eq	3.0
oneidentity:syslog-ng	oneidentity syslog-ng	eq	3.1
oneidentity:syslog-ng	oneidentity syslog-ng	eq	3.2