Vulnerability Description
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| One Identity | syslog-ng | 2.0 |
| FreeBSD | FreeBSD | All versions |
| HP | HP-UX | All versions |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 (Patch, Third Party Advisory)
- http://www.securityfocus.com/archive/1/515955/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/45988 (Third Party Advisory, VDB Entry)
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html (Vendor Advisory)
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html (Vendor Advisory)
FAQ
What is CVE-2011-0343?
CVE-2011-0343 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files wi...
How severe is CVE-2011-0343?
CVE-2011-0343 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0343?
Check the references section above for vendor advisories and patch information. Affected products include: One Identity syslog-ng, FreeBSD, HP-UX.