PT-2011-2282 · Balabit · Syslog-Ng

Steven Chamberlain

Published

2011-01-28

Updated

2020-05-19

CVE-2011-0343

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Balabit syslog-ng versions 2.0, 3.0, 3.1, 3.2 OSE and PE

Description The issue is related to improper cast operations when running on certain operating systems, resulting in the creation of log files with insecure permissions. This allows local users to read and write to these log files.

Recommendations For Balabit syslog-ng versions 2.0, 3.0, 3.1, 3.2 OSE and PE, consider changing the default permissions to a more secure setting to prevent unauthorized access to log files.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-0343

OPENSUSE-SU-2024:10493-1

Affected Products

Syslog-Ng

PT-2011-2282 · Balabit · Syslog-Ng

CVE-2011-0343

Weakness Enumeration

Related Identifiers

Affected Products

References · 9