Computer Security
[EN] securityvulns.ru no-pyccku


syslog-ng weak permissions
Published:26.01.2011
Source:
SecurityVulns ID:11379
Type:local
Threat Level:
6/10
Description:On some platforms syslog files are created with 07777 permissions.
Affected:SYSLOGNG : syslog-ng 2.0
 SYSLOGNG : syslog-ng 3.0
 SYSLOGNG : syslog-ng 3.1
 SYSLOGNG : syslog-ng 3.2
CVE:CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.)
Original documentdocumentSZALAY Attila, syslog-ng wrong file permission vulnerability (26.01.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod