CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 5.1%)

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or
HP-UX, does not properly perform cast operations, which causes syslog-ng to
use a default value of -1 to create log files with insecure permissions
(07777), which allows local users to read and write to these log files.
Author | Note |
---|---|
sbeattie | only affects people running syslog-ng on kfreebsd, as fchmod when passed with -1 doesn’t change the mode on files. |
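
The description above attributes the 07777 mode to a miscast default of -1. The C program below is an added example, not syslog-ng's code: it assumes a 16-bit unsigned mode type (`narrow_mode_t`, a hypothetical stand-in for a platform whose `mode_t` is narrower than `int`) and hypothetical function names, and shows how a sentinel comparison made after a narrowing cast lets -1 through, next to a check made before any cast.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 16-bit unsigned mode type, standing in for a platform whose
 * mode_t is narrower than int. Not taken from syslog-ng. */
typedef uint16_t narrow_mode_t;

#define PERM_UNSET (-1) /* sentinel meaning "no permission configured" */

/* Both functions return the mode bits a chmod-style call would apply,
 * or -1 when the call would be skipped. */

/* Flawed: (narrow_mode_t)-1 is 65535, which is promoted back to int 65535
 * for the comparison, so it never equals the stored int -1. The sentinel
 * is then treated as a real mode and truncated to all permission bits. */
int flawed_effective_mode(int configured)
{
    if (configured != (narrow_mode_t)-1)
        return (narrow_mode_t)configured & 07777;
    return -1;
}

/* Hardened: test the sentinel and the valid range in the int domain,
 * before any narrowing conversion happens. */
int hardened_effective_mode(int configured)
{
    if (configured < 0 || configured > 07777)
        return -1;
    return configured;
}

static void show(const char *label, int mode)
{
    if (mode < 0)
        printf("%-22s chmod skipped\n", label);
    else
        printf("%-22s mode %05o\n", label, (unsigned)mode);
}

int main(void)
{
    show("flawed, unset:", flawed_effective_mode(PERM_UNSET));
    show("hardened, unset:", hardened_effective_mode(PERM_UNSET));
    show("flawed, 0640:", flawed_effective_mode(0640));
    show("hardened, 0640:", hardened_effective_mode(0640));
    return 0;
}
```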